openssl/ssl
Benjamin Kaduk 328fd88333 Fix a race condition in SNI handling
As was done for ciphers, supported groups, and EC point formats in
https://github.com/openssl/openssl/pull/9162, only write the negotiated
SNI hostname value to the session object when not resuming, even for
TLS 1.3 resumptions.  Otherwise, when using a stateful session cache
(as is done by default when 0-RTT data is enabled), we can have multiple
SSLs active using the same in-memory session object, which leads to
double-frees and similar race conditions in the SNI handler prior
to this commit.

Fortunately, since draft-ietf-tls-tls13-22, there is no requirement
that the SNI hostname be preserved across TLS 1.3 resumption, and thus
not a need to continually update the session object with the "current"
value (to be used when producing session tickets, so that the subsequent
resumption can be checked against the current value).  So we can just
relax the logic and only write to the session object for initial handshakes.
This still leaves us in a somewhat inconsistent state, since if the SNI value
does change across handshakes, the session object will continue to record
the initial handshake's value, even if that bears no relation to the
current handshake.  The current SSL_get_servername() implementation
prefers the value from the session if s->hit, but a more complete fix
for that and related issues is underway in
https://github.com/openssl/openssl/pull/10018; there is no need to wait
for the complete fix for SNI name handling in order to close the
race condition and avoid runtime crashes.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10441)

(cherry picked from commit 2a5385511051d33be8d2b20d7669d8b1862fe510)
2019-11-21 18:27:40 -08:00
..
record Send bad_record_mac instead of decryption_failed 2019-10-07 08:25:42 +01:00
statem Fix a race condition in SNI handling 2019-11-21 18:27:40 -08:00
bio_ssl.c Reorganize local header files 2019-09-27 23:58:06 +02:00
build.info Move ssl/t1_ext.c to ssl/statem/extensions_cust.c 2017-04-07 13:41:04 +01:00
d1_lib.c Reorganize local header files 2019-09-27 23:58:06 +02:00
d1_msg.c Reorganize local header files 2019-09-27 23:58:06 +02:00
d1_srtp.c Reorganize local header files 2019-09-27 23:58:06 +02:00
methods.c Reorganize local header files 2019-09-27 23:58:06 +02:00
packet.c Reorganize local header files 2019-09-27 23:58:06 +02:00
packet_local.h Fix header file include guard names 2019-09-27 23:58:12 +02:00
pqueue.c Reorganize local header files 2019-09-27 23:58:06 +02:00
s3_cbc.c Reorganize local header files 2019-09-27 23:58:06 +02:00
s3_enc.c Reorganize local header files 2019-09-27 23:58:06 +02:00
s3_lib.c Reorganize local header files 2019-09-27 23:58:06 +02:00
s3_msg.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_asn1.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_cert.c SSL: Document SSL_add_{file,dir}_cert_subjects_to_stack() 2019-11-12 13:43:33 +01:00
ssl_cert_table.h Update copyright year 2018-03-20 13:08:46 +00:00
ssl_ciph.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_conf.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_err.c Don't interleave handshake and other record types in TLSv1.3 2019-02-19 09:37:29 +00:00
ssl_init.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_lib.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_local.h Fix header file include guard names 2019-09-27 23:58:12 +02:00
ssl_mcnf.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_rsa.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_sess.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_stat.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_txt.c Reorganize local header files 2019-09-27 23:58:06 +02:00
ssl_utst.c Reorganize local header files 2019-09-27 23:58:06 +02:00
t1_enc.c Reorganize local header files 2019-09-27 23:58:06 +02:00
t1_lib.c Workaround for Windows-based GOST implementations 2019-11-10 19:23:50 +03:00
t1_trce.c Do not print extensions in Certificate message for TLS1.2 and lower 2019-10-03 10:30:57 +10:00
tls13_enc.c Reorganize local header files 2019-09-27 23:58:06 +02:00
tls_srp.c Reorganize local header files 2019-09-27 23:58:06 +02:00