On Thu Apr 23 19:51:49 2015, [email protected] wrote:
> Hi,
>
> The only reply I've got on the dovecot list so far believes this to be an
> openssl issue so I'm sending this to you guys.
>
> I've noticed that nmap crashes imap-login of my dovecot (also
> pop3-login) and narrowed it down to `nmap -sV -p 993 $host`. I've
> noticed that if I remove "ssl_protocols = !SSLv2 !SSLv3" from my config
> or enable SSLv3 rather than disabling it the segfault disappears.
Thank you for your detailed description of the issue. I suspect I know what the problem is. If I'm correct then it's actually OpenSSL being less than forgiving of a dovecot bug.

In your capture you can see nmap sending an SSLv3 ClientHello message to OpenSSL, and then OpenSSL responding with a handshake failure alert (as it should do because you have disabled SSLv3). At this point OpenSSL will return to dovecot with a fatal error code. The SSL object for the connection should have no further attempts made to continue to read from it or write to it. If dovecot does so then it is likely to have bad consequences.

My suspicion is that dovecot has ignored the returned error and attempted to continue with the connection. If I'm right then this is a dovecot bug to fix. Having said that, OpenSSL should probably be more forgiving of this error condition.

Please see attached patch for 1.0.2a. If this resolves the issue, then it confirms my suspicions. The patch simply ensures that any subsequent attempt to use the SSL object will immediately return with an error.

Let me know how you get on.

Matt
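The failure mode described above (a fatal handshake error followed by the application reusing the SSL object) as a constructed C model; this is added illustration, not libssl or dovecot code. `struct conn`, `get_client_hello()` and `conn_accept()` are stand-ins for the real `SSL` object, `ssl3_get_client_hello()` and `ssl3_accept()`; the `patched` flag switches between the old behaviour and the error state the patch introduces.

```c
#include <stdio.h>

/* Constructed model of the ssl3_accept() server state machine, not libssl
 * code.  State values mirror ssl.h; ST_ERR is the state the patch adds. */
enum state { ST_BEFORE = 0x4000, ST_OK = 0x03, ST_ERR = 0x05 };

struct conn {
    enum state state;
    int hello_calls;   /* how many times the ClientHello handler has run */
    int patched;       /* 1 = behave like the patched libssl, 0 = unpatched */
};

/* Stand-in for ssl3_get_client_hello(): a ClientHello for a disabled
 * protocol version (the SSLv3 case from the report) is a fatal error. */
static int get_client_hello(struct conn *c, int version_enabled)
{
    int ret = version_enabled ? 1 : -1;
    c->hello_calls++;
    if (ret < 0 && c->patched)
        c->state = ST_ERR;   /* the patch: park the object in the error state */
    return ret;
}

/* One call of the accept routine: 1 on success, -1 on fatal error.
 * Unpatched, a fatal error leaves the state untouched, so an application
 * that ignores the -1 and calls again re-enters the ClientHello handler on
 * an object whose handshake already failed (the path dovecot crashed on). */
static int conn_accept(struct conn *c, int version_enabled)
{
    switch (c->state) {
    case ST_BEFORE:
        if (get_client_hello(c, version_enabled) < 0)
            return -1;
        c->state = ST_OK;
        return 1;
    case ST_OK:
        return 1;
    case ST_ERR:   /* patched: every later use fails immediately and safely */
        return -1;
    default:
        return -1;
    }
}

int main(void)
{
    struct conn buggy = { ST_BEFORE, 0, 0 }, fixed = { ST_BEFORE, 0, 1 };
    conn_accept(&buggy, 0); conn_accept(&buggy, 0);   /* app ignores the -1 */
    conn_accept(&fixed, 0); conn_accept(&fixed, 0);
    printf("ClientHello handler re-entered: unpatched %d, patched %d\n",
           buggy.hello_calls, fixed.hello_calls);
    return 0;
}
```

Whatever libssl does, the application-side contract is the same: a negative return from the accept call means the object is finished and must be freed, not retried.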
>From 3296c9fc237954cdad1cb1d9699ef2bee85c3da6 Mon Sep 17 00:00:00 2001 From: Matt Caswell <[email protected]> Date: Thu, 23 Apr 2015 20:01:33 +0100 Subject: [PATCH] Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. --- ssl/s3_srvr.c | 5 ++++- ssl/ssl.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index c016139..df684d5 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -849,6 +849,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -1424,8 +1425,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; diff --git a/ssl/ssl.h b/ssl/ssl.h index a6d845d..28437f0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1727,6 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 -- 2.1.0
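Review bot: in the ssl3_accept() hunk the new `case SSL_ST_ERR:` falls into the `default:` body, so an object that was deliberately parked in the error state reports SSL_R_UNKNOWN_STATE; that sends the application author looking for a state-machine bug instead of their own reuse after a fatal error. Give the case its own body with a dedicated reason code, or at least a comment, so the error says why the object is unusable.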
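Review bot: in the ssl3_get_client_hello() hunk, moving `err:` inside the `if (0) { f_err: ... }` block means every `goto err` in the function now marks the object unusable, not only the alert-sending `f_err` path; the hunk shows only the tail, so please confirm none of the `goto err` sites are recoverable conditions. The commit message promises that libssl will not crash on reuse after a fatal error in general, but only this one message handler sets SSL_ST_ERR; the other server-side handlers and the client side in s3_clnt.c keep the old behaviour, so either narrow the message or add the same assignment to their error paths. A one-line comment on the label-inside-`if (0)` idiom would also help the next reader.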
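Review bot: the ssl.h hunk adds SSL_ST_ERR to the public header, so it becomes visible through SSL_state() and the info callback; the state-to-string helpers (SSL_state_string() and SSL_state_string_long()) switch over these values and will report the new one as unknown unless they gain a case, and the SSL_ST_* comments and man page should describe it. The value 0x05 does not collide with SSL_ST_OK (0x03) or the SSL_ST_INIT-flagged values shown, which is fine.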
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
