date:20220427

[Bug 66035] New: SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

Bug ID: 66035
   Summary: SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId -
NIO+OpenSSL
   Product: Tomcat Native
   Version: 1.2.30
  Hardware: PC
OS: Linux
Status: NEW
  Severity: major
  Priority: P2
 Component: Library
  Assignee: dev@tomcat.apache.org
  Reporter: mic...@josifci.cz
  Target Milestone: ---

Created attachment 38265
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38265&action=edit
hs_err_pid

Hello,
we are switching from APR+OpenSSL to NIO(2)+OpenSSL connector configuration and
we are facing SIGSEGV error. Tested multiple Java+tomcat-native+OpenSSL
combinations, nothing helped.
Tested also with Oracle JDK 11.0.15, openssl 1.1.1n, latest tomcat-native

fyi. Our APR+OpenSSL configuration is rock solid.

Best Regards
Michal Josifek


#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x7f13f860fbe5, pid=36351, tid=36401
#
# JRE version: OpenJDK Runtime Environment Corretto-11.0.14.9.1 (11.0.14+9)
(build 11.0.14+9-LTS)
# Java VM: OpenJDK 64-Bit Server VM Corretto-11.0.14.9.1 (11.0.14+9-LTS, mixed
mode, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# C  [libssl.so.1.0.0+0x49be5]  SSL_SESSION_get_id+0x5
#
# Core dump will be written. Default location: //core.36351
#
# An error report file with more information is saved as:
# /tmp/hs_err_pid36351.log
Compiled method (nm) 2514776 22100 n 0  
org.apache.tomcat.jni.SSL::getSessionId (native)
 total in heap  [0x7f143d67ef10,0x7f143d67f350] = 1088
 relocation [0x7f143d67f088,0x7f143d67f0c0] = 56
 main code  [0x7f143d67f0c0,0x7f143d67f348] = 648
 oops   [0x7f143d67f348,0x7f143d67f350] = 8
Compiled method (nm) 2514781 22100 n 0  
org.apache.tomcat.jni.SSL::getSessionId (native)
 total in heap  [0x7f143d67ef10,0x7f143d67f350] = 1088
 relocation [0x7f143d67f088,0x7f143d67f0c0] = 56
 main code  [0x7f143d67f0c0,0x7f143d67f348] = 648
 oops   [0x7f143d67f348,0x7f143d67f350] = 8
#
# If you would like to submit a bug report, please visit:
#   https://github.com/corretto/corretto-11/issues/
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

--- Comment #1 from Remy Maucherat  ---
The handshake failed and the session id is accessed through your access logging
pattern.

Looking at the Panama code there could be an optimistic use of the
SSL_get_session call (it would return NULL if there's no session because
handshake failed).

The native code seems to have the same problem, since it does:
UNREFERENCED(o);
session = SSL_get_session(ssl_);
session_id = SSL_SESSION_get_id(session, &len);

While other places do:
session  = SSL_get_session(ssl_);
if (session) {
return SSL_get_time(session);
} else {
tcn_ThrowException(e, "ssl session is null");
return 0;
}

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

2022-04-27 Thread remm

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new c8ecaa44f6 66035: Add NULL check on the SSL session reference
c8ecaa44f6 is described below

commit c8ecaa44f6a110873bd7bf8b3c2f08354e2900d8
Author: remm 
AuthorDate: Wed Apr 27 13:08:08 2022 +0200

66035: Add NULL check on the SSL session reference

Add NULL check on the SSL session reference in the Panama code before
accessing the session id and creation time.
---
 .../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 7 ++-
 webapps/docs/changelog.xml | 4 
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index e34759c913..52e0677144 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1568,6 +1568,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 var allocator = SegmentAllocator.ofScope(engineScope);
 MemorySegment lenPointer = 
allocator.allocate(CLinker.C_POINTER);
 var session = SSL_get_session(state.ssl);
+if (MemoryAddress.NULL.equals(session)) {
+return new byte[0];
+}
 MemoryAddress sessionId = SSL_SESSION_get_id(session, 
lenPointer);
 int length = MemoryAccess.getInt(lenPointer);
 id = (length == 0) ? new byte[0] : 
sessionId.asSegment(length, engineScope).toByteArray();
@@ -1589,7 +1592,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
 synchronized (OpenSSLEngine.this) {
 if (!destroyed) {
 var session = SSL_get_session(state.ssl);
-creationTime = SSL_SESSION_get_time(session);
+if (!MemoryAddress.NULL.equals(session)) {
+creationTime = SSL_SESSION_get_time(session);
+}
 }
 }
 return creationTime * 1000L;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3df044a28f..702914aadd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -144,6 +144,10 @@
 Tomcat will not be running on a JRE where these issues are present.
 (markt)
   
+  
+66035: Add NULL check on the SSL session reference in the
+Panama code before accessing the session id and creation time. (remm)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

2022-04-27 Thread Christopher Schultz


Rémy,

On 4/27/22 07:08, r...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
  new c8ecaa44f6 66035: Add NULL check on the SSL session reference
c8ecaa44f6 is described below

commit c8ecaa44f6a110873bd7bf8b3c2f08354e2900d8
Author: remm 
AuthorDate: Wed Apr 27 13:08:08 2022 +0200

 66035: Add NULL check on the SSL session reference
 
 Add NULL check on the SSL session reference in the Panama code before

 accessing the session id and creation time.


Should this be done in tcnative as well? Or was this intended to be a 
belt-and-suspenders check to avoid the problem whether or not it exists 
in tcnative?


I think the attached patch ought to do it for tcnative.

-chris

=== CUT ===
diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..5329a93da 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,8 +2001,12 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL, 
getSessionId)(TCN_STDARGS, jlong ssl)

 }
 UNREFERENCED(o);
 session = SSL_get_session(ssl_);
-session_id = SSL_SESSION_get_id(session, &len);
+if (NULL == session) {
+tcn_ThrowException(e, "ssl session is null");
+return NULL;
+}

+session_id = SSL_SESSION_get_id(session, &len);
 if (len == 0 || session_id == NULL) {
 return NULL;
 }
diff --git a/native/src/sslnetwork.c b/native/src/sslnetwork.c
index 6e5960f91..46b253ec8 100644
--- a/native/src/sslnetwork.c
+++ b/native/src/sslnetwork.c
@@ -689,7 +689,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket, 
renegotiate)(TCN_STDARGS,


 #if defined(SSL_OP_NO_TLSv1_3)
 session  = SSL_get_session(con->ssl);
-if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
+if (NULL != session && SSL_SESSION_get_protocol_version(session) == 
TLS1_3_VERSION) {

 // TLS 1.3 renegotiation
 retVal = SSL_verify_client_post_handshake(con->ssl);
 if (retVal <= 0) {

=== CUT ===



---
  .../org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java   | 7 ++-
  webapps/docs/changelog.xml | 4 
  2 files changed, 10 insertions(+), 1 deletion(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index e34759c913..52e0677144 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -1568,6 +1568,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
  var allocator = SegmentAllocator.ofScope(engineScope);
  MemorySegment lenPointer = 
allocator.allocate(CLinker.C_POINTER);
  var session = SSL_get_session(state.ssl);
+if (MemoryAddress.NULL.equals(session)) {
+return new byte[0];
+}
  MemoryAddress sessionId = SSL_SESSION_get_id(session, 
lenPointer);
  int length = MemoryAccess.getInt(lenPointer);
  id = (length == 0) ? new byte[0] : 
sessionId.asSegment(length, engineScope).toByteArray();
@@ -1589,7 +1592,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
  synchronized (OpenSSLEngine.this) {
  if (!destroyed) {
  var session = SSL_get_session(state.ssl);
-creationTime = SSL_SESSION_get_time(session);
+if (!MemoryAddress.NULL.equals(session)) {
+creationTime = SSL_SESSION_get_time(session);
+}
  }
  }
  return creationTime * 1000L;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3df044a28f..702914aadd 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -144,6 +144,10 @@
  Tomcat will not be running on a JRE where these issues are present.
  (markt)

+  
+66035: Add NULL check on the SSL session reference in the
+Panama code before accessing the session id and creation time. (remm)
+  
  




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

2022-04-27 Thread bugzilla

https://bz.apache.org/bugzilla/show_bug.cgi?id=66035

--- Comment #2 from Christopher Schultz  ---
Proposed patch for tcnative:

diff --git a/native/src/ssl.c b/native/src/ssl.c
index d59246ea3..5329a93da 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -2001,8 +2001,12 @@ TCN_IMPLEMENT_CALL(jbyteArray, SSL,
getSessionId)(TCN_STDARGS, jlong ssl)
 }
 UNREFERENCED(o);
 session = SSL_get_session(ssl_);
-session_id = SSL_SESSION_get_id(session, &len);
+if (NULL == session) {
+tcn_ThrowException(e, "ssl session is null");
+return NULL;
+}

+session_id = SSL_SESSION_get_id(session, &len);
 if (len == 0 || session_id == NULL) {
 return NULL;
 }
diff --git a/native/src/sslnetwork.c b/native/src/sslnetwork.c
index 6e5960f91..46b253ec8 100644
--- a/native/src/sslnetwork.c
+++ b/native/src/sslnetwork.c
@@ -689,7 +689,7 @@ TCN_IMPLEMENT_CALL(jint, SSLSocket,
renegotiate)(TCN_STDARGS,

 #if defined(SSL_OP_NO_TLSv1_3)
 session  = SSL_get_session(con->ssl);
-if (SSL_SESSION_get_protocol_version(session) == TLS1_3_VERSION) {
+if (NULL != session && SSL_SESSION_get_protocol_version(session) ==
TLS1_3_VERSION) {
 // TLS 1.3 renegotiation
 retVal = SSL_verify_client_post_handshake(con->ssl);
 if (retVal <= 0) {

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

ApacheCon Asia 2022 is calling for Presentations!

2022-04-27 Thread Huxing Zhang

Hi All,

ApacheCon Asia is coming again as a virtual event this July 29 - 31.
The CFP will end on Tuesday, May 31st, 2022 8:00 AM (Beijing time -
UTC +8).

More details could be found here:

https://apachecon.com/acasia2022/cfp.html

Please remember that there is no need to be present at the conference,
it is completely virtual,
the talk is pre-recorded.

The presentation could be either in English or in Chinese.

Please free free to submit your ideas related to Web server / Tomcat
or other topics here:

https://shimo.im/forms/6ZTBLanjqW8pY3dj/fill?channel=website

--
Best Regards！
Huxing

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 66035] New: SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

[tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

Re: [tomcat] branch main updated: 66035: Add NULL check on the SSL session reference

[Bug 66035] SIGSEGV in org.apache.tomcat.jni.SSL::getSessionId - NIO+OpenSSL

ApacheCon Asia 2022 is calling for Presentations!

6 matches

Site Navigation

Mail list logo

Footer information