Hi,

I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash.

What was going on is this: In ssl-proxy-openssl.c in line 545 in the function ssl_step() the function ssl_handshake() is called. There SSL_accept() is called. If SSL_accept fails - because a client sent an invalid packet or something the server doesn't support or any other reason - ssl_handle_error() will be called. ssl_handle_error() will call ssl_proxy_destroy(). ssl_proxy_destroy() will then call ssl_proxy_flush(). And ssl_proxy_flush will call ssl_step() again. Here we have a loop. Now when SSL_accept() gets called again on the same context this is an invalid state for OpenSSL and it crashes.

What to do? In essence, if ssl_proxy_destroy is called it shouldn't try to finish the handshake if the handshake hasn't even started due to an error. This can be done by a simple if check, see attached patch. I think this should do it.

I have seen that a bug that is probably rooted in this has been posted here before regarding ssl3-disabled configs:
http://dovecot.org/pipermail/dovecot/2015-March/100188.html

cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: hanno at hboeck.de
GPG: BBB51E42

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dovecot-dont-crash-on-ssl-handshake-failure.diff
Type: text/x-patch
Size: 421 bytes
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150424/bade681d/attachment.bin>
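The re-entrancy described in the message above, as an added toy model that is neither Dovecot code nor the attached patch: it counts how often the accept call runs on one context when the handshake fails, with and without a guard in the teardown path. The struct, the model_/stub_ names and the exact form of the guard are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy model of the call chain in the post; not Dovecot code.
 * struct proxy and the model_ and stub_ names are hypothetical. */
struct proxy {
    bool handshaked;   /* handshake completed */
    bool destroyed;    /* teardown already started */
    bool guard;        /* true = apply the "simple if check" (assumed form) */
    int accept_calls;  /* accept attempts made on this one context */
};

static void model_step(struct proxy *p);
/* Stand-in for SSL_accept(): fails, as with an unsupported protocol. */
static int stub_accept(struct proxy *p) { p->accept_calls++; return -1; }

/* Stand-in for destroy -> flush: flushing re-enters the step function. */
static void model_destroy(struct proxy *p)
{
    if (p->destroyed) return;
    p->destroyed = true;
    if (!p->guard || p->handshaked)  /* guard: no flush before handshake */
        model_step(p);
}

static void model_step(struct proxy *p)
{
    if (!p->handshaked) {
        if (stub_accept(p) <= 0) {
            model_destroy(p);        /* error path ends in destroy */
            return;
        }
        p->handshaked = true;
    }
}

/* Accept attempts on one context when the handshake fails. */
int accept_calls_on_failure(bool guard)
{
    struct proxy p = { .guard = guard };
    model_step(&p);
    return p.accept_calls;
}

int main(void)
{
    printf("unguarded=%d guarded=%d\n",
           accept_calls_on_failure(false), accept_calls_on_failure(true));
    return 0;
}
```

Without the guard the failed context is handed to the accept stub a second time from inside its own error path; with it, teardown skips the flush and accept runs once.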
Leonardo Rodrigues
2015-Apr-25 00:38 UTC
[patch] TLS Handshake failures can crash imap-login
On 24/04/15 18:17, Hanno Böck wrote:
> Hi,
>
> I tracked down a tricky bug in dovecot that can cause the imap-login
> and pop3-login processes to crash on handshake failures.
> This can be tested by disabling SSLv3 in the dovecot config
> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
> forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
> would cause a crash.
>
>

I couldn't reproduce that on a fully patched CentOS 6.6 box

[root at correio ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)

[root at correio ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root at correio ~]# dovecot --version
2.2.16
(compiled from sources, not from any binary package)

[root at correio ~]# grep ssl_proto /etc/dovecot/extras/10-ssl.conf
ssl_protocols = !SSLv2 !SSLv3

From dovecot logs when running the openssl command:

Apr 24 21:36:38 correio dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected

Don't know if it matters, but I'm running signed certificates from RapidSSL, not self-signed ones.

The openssl command returns an error but I see no crash at all

[root at correio ~]# openssl s_client -ssl3 -connect localhost:995
CONNECTED(00000003)
140022021363528:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40
140022021363528:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv3
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1429922121
    Timeout : 7200 (sec)
    Verify return code: 0 (ok)
---
[root at correio ~]#

--
Sincerely,

Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it:
gertrudes at solutti.com.br
On 24/04/2015 22:17, Hanno Böck wrote:

Hello,

> I tracked down a tricky bug in dovecot that can cause the imap-login
> and pop3-login processes to crash on handshake failures.
> This can be tested by disabling SSLv3 in the dovecot config
> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
> forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
> would cause a crash.

Thank you for your work on this.

> I have seen that a bug that is probably rooted in this has been posted
> here before regarding ssl3-disabled configs:
> http://dovecot.org/pipermail/dovecot/2015-March/100188.html

I made that earlier report. Here is another similar report:

http://dovecot.org/pipermail/dovecot/2015-April/100576.html

James.
On 04/25/2015 11:55 AM, James wrote:
> On 24/04/2015 22:17, Hanno Böck wrote:
>
> Hello,
>
>> I tracked down a tricky bug in dovecot that can cause the imap-login
>> and pop3-login processes to crash on handshake failures.
>> This can be tested by disabling SSLv3 in the dovecot config
>> (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and
>> forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This
>> would cause a crash.
>
> Thank you for your work on this.
>
>
>> I have seen that a bug that is probably rooted in this has been posted
>> here before regarding ssl3-disabled configs:
>> http://dovecot.org/pipermail/dovecot/2015-March/100188.html
>
> I made that earlier report. Here is another similar report:
>
> http://dovecot.org/pipermail/dovecot/2015-April/100576.html

I was unable to reproduce this nor the first report. Could you describe your environment in more detail? What version of openssl do you have? What is the crash message you are seeing?

br,
Teemu Huovila