[Asterisk-code-review] AST-2018-007: iostreams potential DoS when client connection... (asterisk[master])
Kevin Harwell
asteriskteam at digium.com
Mon Jun 11 10:28:44 CDT 2018
Kevin Harwell has uploaded this change for review. ( https://gerrit.asterisk.org/9155 )
Change subject: AST-2018-007: iostreams potential DoS when client connection closed prematurely
......................................................................
AST-2018-007: iostreams potential DoS when client connection closed prematurely
Before Asterisk sends an HTTP response (at least in the case of errors),
it attempts to read & discard the content of the request. If the client
lies about the Content-Length, or the connection is closed from the
client side before "Content-Length" bytes are sent, the request handling
thread will busy loop.
ASTERISK-27807
Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
---
M main/iostream.c
1 file changed, 9 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/55/9155/1
diff --git a/main/iostream.c b/main/iostream.c
index 00cb878..819616a 100644
--- a/main/iostream.c
+++ b/main/iostream.c
@@ -208,11 +208,18 @@
}
}
break;
+ case SSL_ERROR_SYSCALL:
+ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may
+ * contain more information on the error. For socket I/O on Unix systems,
+ * consult errno for details. */
+ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),
+ ssl_error_to_string(sslerr, res));
+ return -1;
default:
/* Report EOF for an undecoded SSL or transport error. */
ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
ssl_error_to_string(sslerr, res));
- return 0;
+ return -1;
}
if (!ms) {
/* Report EOF for a timeout */
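Review bot: The comment in the default branch still reads "Report EOF for an undecoded SSL or transport error", but that branch now returns -1, so the comment no longer matches the behaviour and should say an error is reported. In the new SSL_ERROR_SYSCALL case the comment points the reader at errno, yet the ast_debug call does not log it; including strerror(errno) in that message would make the debug line actionable. Since both branches now log and return -1, consider whether the new case needs its own body or can share the default one with a more specific message.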
@@ -328,7 +335,7 @@
while (remaining) {
ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
- if (ret < 0) {
+ if (ret <= 0) {
return ret;
}
remaining -= ret;
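Review bot: With `if (ret <= 0)` followed by `return ret;`, a read of 0 while `remaining` is still nonzero makes the loop exit with a return value of 0, even though fewer bytes than requested were discarded. Unless every caller treats 0 as a short discard, consider returning -1 in that case, or state in the function's header comment that 0 means the peer closed the connection before `remaining` bytes arrived, so the EOF path is not mistaken for a completed discard.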
--
To view, visit https://gerrit.asterisk.org/9155
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
Gerrit-Change-Number: 9155
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Sean Bright <sean.bright at gmail.com>