From: Frédéric Lécaille Date: Thu, 7 Dec 2023 20:12:02 +0000 (+0100) Subject: BUG/MEDIUM: quic: Possible buffer overflow when building TLS records X-Git-Tag: v3.0-dev1~114 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c075e4f2fc9e662459f7ab0ce8e13b70c059334a;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: quic: Possible buffer overflow when building TLS records This bug impacts only the OpenSSL QUIC compatibility module (USE_QUIC_OPENSSL_COMPAT). This may happen only when the TLS stack has to be provided with more than 1024+1+5+16 bytes of CRYPTO data. In this case several TLS records have to be built in one call to SSL_provide_quic_data(). A 5-bytes header is created at the head of these records. This header is used as AAD to cipher the record. But the length of this AAD was counted two times. One time here in quic_tls_compat_create_record() (initialization): adlen = quic_tls_compat_create_header(qc, rec, ad, 0); and a second time here in the same function after quic_tls_tls_seal() return: ret = aad_len + outlen; This addition is useless. Note that this bug could be reproduced when haproxy has to authenticate the client. Thank you to @vifino for having reported this issue in GH #2381. Must be backported to 2.8. --- diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c index 24031459e2..3760bbcf2c 100644 --- a/src/quic_openssl_compat.c +++ b/src/quic_openssl_compat.c @@ -347,7 +347,7 @@ static int quic_tls_compat_create_record(struct quic_conn *qc, nonce, rec->payload, rec->payload_len, ad, adlen)) goto leave; - ret = adlen + outlen; + ret = outlen; leave: TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc); return ret;
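Review bot: the success path in the hunk now returns `ret = outlen;`, but the hunk does not show where `outlen` is set or whether it already covers the 5-byte header that `quic_tls_compat_create_header()` wrote at the head of the record, so a short comment above `ret = outlen;` noting that the sealed output length already accounts for the AAD header would keep the next reader from re-adding `adlen` the way the removed line did. The `goto leave;` error path visible in the hunk returns whatever `ret` held on entry, which is outside the shown context; worth confirming it is initialised to a failure value. Since the message says the bug only reproduces when more than 1024+1+5+16 bytes of CRYPTO data force several records in one SSL_provide_quic_data() call, such as when haproxy authenticates the client, a regression test built with USE_QUIC_OPENSSL_COMPAT and client-certificate authentication would pin the fix before the 2.8 backport.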