Skip to content

avoid ArgumentOutOfRangeException while processing invalid or incomplete TLS frame #63184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
wfurt merged 2 commits into from
Dec 31, 2021
Merged

avoid ArgumentOutOfRangeException while processing invalid or incomplete TLS frame #63184

wfurt merged 2 commits into from
Dec 31, 2021

Conversation

@wfurt
Copy link
Member

@wfurt wfurt commented Dec 29, 2021

This change fixes issue reported in #62109. The issue has long summary describing what is going on - based on dump provided by the reporter.

In essence, FillHandshakeBufferAsync can "silently fail" on EOF and we can create ArrayBuffer with negative length. Added test would throw ArgumentOutOfRangeException on release builds or hit Assert with debug builds.

I modified the FillHandshakeBufferAsync to consistently throw if EOF is reached before request bytes are accumulated. This was already there in few places but we missed the case when read would finish synchronously.

fixes #62109

@wfurt wfurt requested a review from a team December 29, 2021 06:13
@wfurt wfurt self-assigned this Dec 29, 2021
@ghost
Copy link

ghost commented Dec 29, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

This change fixes issue reported in #62109. The issue has long summary describing what is going on - based on dump provided by the reporter.

In essence, FillHandshakeBufferAsync can "silently fail" on EOF and we can create ArrayBuffer with negative length. Added test would throw ArgumentOutOfRangeException on release builds or hit Assert with debug builds.

I modified the FillHandshakeBufferAsync to consistently throw if EOF is reached before request bytes are accumulated. This was already there in few places but we missed the case when read would finish synchronously.

fixes #62109

Author: wfurt
Assignees: wfurt
Labels:

area-System.Net.Security
Milestone: -

@geoffkizer
Copy link
Contributor

geoffkizer commented Dec 30, 2021

Since we are changing this code anyway:

I don't understand why we have the InternalFillHandshakeBuffferAsync helper here. What is this accomplishing, vs just directly awaiting the task returned by ReadAsync? The async machinery already optimizes for the sync completion case.

I suppose perhaps there is some benefit in avoiding the very small cost of async method setup in the case where we don't need to read at all, but (a) I'm quite skeptical that this cost matters, and (b) even if we want to optimize for it, we can achieve the same result much more easily.

Looking back at the history here, this seems to have happened because we basically copied this code from FillBufferAsync, and that's what FillBufferAsync used to do. But FillBufferAsync was changed to not do this a long time ago.

(Also, FillBufferAsync seems to be not used at all anymore, and should be removed.)

@wfurt
Copy link
Member Author

wfurt commented Dec 30, 2021

yes, I was thinking about InternalFillHandshakeBuffferAsync, but decided not to change it with this change. It is independent IMHO and would complicate servicing if we would think about it. It seems like was FillBufferAsync was obsoleted by EnsureFullTlsFrameAsync.
Merging the _handshakeBuffer and _internalBuffer is on my todo list for a while.

@wfurt wfurt merged commit 58495a3 into dotnet:main Dec 31, 2021
@wfurt wfurt deleted the eof_62109 branch December 31, 2021 23:02
@wfurt
Copy link
Member Author

wfurt commented Dec 31, 2021

Looks like I open #52037 while back for the buffers.

stephentoub
stephentoub reviewed Jan 3, 2022
View reviewed changes
Copy link
Member

@stephentoub stephentoub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ghost ghost locked as resolved and limited conversation to collaborators Feb 2, 2022
@karelz karelz added this to the 7.0.0 milestone Apr 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@stephentoub stephentoub stephentoub left review comments

+1 more reviewer

@geoffkizer geoffkizer geoffkizer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@wfurt wfurt

Labels

area-System.Net.Security

Projects

None yet

Milestone

7.0.0

Development

Successfully merging this pull request may close these issues.

ArgumentOutOfRangeException at System.Net.Security.SslStream.ProcessBlob

4 participants

@wfurt @geoffkizer @stephentoub @karelz