<p>Kevin Harwell has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/9169">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2018-007: iostreams potential DoS when client connection closed prematurely<br><br>Before Asterisk sends an HTTP response (at least in the case of errors),<br>it attempts to read & discard the content of the request. If the client<br>lies about the Content-Length, or the connection is closed from the<br>client side before "Content-Length" bytes are sent, the request handling<br>thread will busy loop.<br><br>ASTERISK-27807<br><br>Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762<br>---<br>M main/iostream.c<br>1 file changed, 9 insertions(+), 2 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/69/9169/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">diff --git a/main/iostream.c b/main/iostream.c<br>index aaa74fa..9363c31 100644<br>--- a/main/iostream.c<br>+++ b/main/iostream.c<br>@@ -197,11 +197,18 @@<br>                                     }<br>                             }<br>                             break;<br>+                       case SSL_ERROR_SYSCALL:<br>+                              /* Some non-recoverable I/O error occurred. The OpenSSL error queue may<br>+                               * contain more information on the error. For socket I/O on Unix systems,<br>+                             * consult errno for details. */<br>+                             ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),<br>+                                    ssl_error_to_string(sslerr, res));<br>+                           return -1;<br>                    default:<br>                              /* Report EOF for an undecoded SSL or transport error. 
*/<br>                             ast_debug(1, "TLS transport or SSL error reading data:  %s, %s\n", ERR_error_string(sslerr, err),<br>                                   ssl_error_to_string(sslerr, res));<br>-                           return 0;<br>+                            return -1;<br>                    }<br>                     if (!ms) {<br>                            /* Report EOF for a timeout */<br>@@ -317,7 +324,7 @@<br> <br>        while (remaining) {<br>           ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);<br>-          if (ret < 0) {<br>+            if (ret <= 0) {<br>                    return ret;<br>           }<br>             remaining -= ret;<br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/9169">change 9169</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/9169"/><meta itemprop="name" content="View Change"/></div></div>
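Review bot: In the first hunk (@@ -197,11 +197,18 @@ of main/iostream.c), the default branch still carries the comment "Report EOF for an undecoded SSL or transport error." but now returns -1 instead of 0, so the comment no longer matches what the code reports. Update it to say an error is returned. The new SSL_ERROR_SYSCALL comment also tells the reader to consult errno, yet the ast_debug call beneath it logs only ERR_error_string and ssl_error_to_string. Adding strerror(errno) to that message would make the log usable for diagnosing the dropped connection. Because both branches now log and return -1, the new case could simply fall through to default once the default message is adjusted.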
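Review bot: In the second hunk (@@ -317,7 +324,7 @@), the "ret <= 0" check ends the loop on a zero-length read, which removes the spin where "remaining -= ret" never made progress, but "return ret;" then hands 0 back to the caller while "remaining" is still non-zero. If callers of this discard routine treat only negative values as failure (they are not visible in this diff), a body that ends short of Content-Length would look the same as a successful discard. Consider returning -1 when ret is 0 and remaining is greater than 0, or document that 0 means premature EOF. A one-line comment above the check explaining why 0 must terminate the loop would also help future readers.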

<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 15.4 </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>
<div style="display:none"> Gerrit-Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762 </div>
<div style="display:none"> Gerrit-Change-Number: 9169 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell &lt;kharwell@digium.com&gt; </div>
<div style="display:none"> Gerrit-Reviewer: Sean Bright &lt;sean.bright@gmail.com&gt; </div>