Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2016-07-24 Thread Brian May 
Sebastian Andrzej Siewior  writes:

> could someone please verify if this problem still exists in current stable and
> if so if it exists in current experimental version of openssl.
> Upstream rejected the bug so it would be nice to know if this report can be
> closed or not.

Looks fine to me
-- 
Brian May

Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2016-07-24 Thread Sebastian Andrzej Siewior 
On 2015-11-04 21:23:03 [+0100], Paul Muster wrote:
> any news on this?
> 
> Shouldn't be a big thing since patch is available and confirmed...

could someone please verify if this problem still exists in current stable and
if so if it exists in current experimental version of openssl.
Upstream rejected the bug so it would be nice to know if this report can be
closed or not.

> Thanks & Greetings,
> 
> Paul

Sebastian

Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2015-11-04 Thread Paul Muster 
Dear OpenSSL-Maintainers,

On Wed, 3 Jun 2015 11:25:41 +1000 Brian May wrote:
> On Fri, Apr 25, 2014 at 06:03:00PM +0200, gp wrote:

> > Attached you'll find a patch that supposedly fixes this issue. It is
> > patch 2/4 of this series of patches
> > http://rt.openssl.org/Ticket/Display.html?id=2860.
> > 
> > [openssl.org #2860] [PATCH 2/4] Fix infinite loop on s_client starttls
> > xmpp
> 
> I can confirm that this patch works.
> 
> Any chance of getting this fixed before Stretch is released?

any news on this?

Shouldn't be a big thing since patch is available and confirmed...


Thanks & Greetings,

Paul

Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2015-06-02 Thread Brian May 
On Fri, Apr 25, 2014 at 06:03:00PM +0200, gp wrote:
 Attached you'll find a patch that supposedly fixes this issue. It is
 patch 2/4 of this series of patches
 http://rt.openssl.org/Ticket/Display.html?id=2860.
 
 [openssl.org #2860] [PATCH 2/4] Fix infinite loop on s_client starttls
 xmpp

I can confirm that this patch works.

Any chance of getting this fixed before Stretch is released?


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2014-04-25 Thread gp 
Attached you'll find a patch that supposedly fixes this issue. It is
patch 2/4 of this series of patches
http://rt.openssl.org/Ticket/Display.html?id=2860.

[openssl.org #2860] [PATCH 2/4] Fix infinite loop on s_client starttls
xmpp

From 7dd2afe4b0372555771d8f04be958a37f4f50c49 Mon Sep 17 00:00:00 2001
From: Carlos Alberto Lopez Perez clo...@igalia.com
Date: Mon, 6 Aug 2012 02:00:07 +0200
Subject: [PATCH 2/4] Fix infinite loop on s_client starttls xmpp

 * When the host used in -connect is not what the remote XMPP server expects
   the server will return an error like this:
 stream:error
   host-unknown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/
 /stream:error
 * But the actual code will stay on the loop forever because the stop condition
   /stream:features will never happen,
 * Make this more robust: The stop condition should be that BIO_read failed
 * Test if for example with ::

openssl s_client  -connect random.jabb3r.net:5222 -starttls xmpp
---
 apps/s_client.c |6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index b5dcde5..982794c 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1554,9 +1554,11 @@ SSL_set_tlsext_status_ids(con, ids);
 		while (!strstr(mbuf, starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls') 
 !strstr(mbuf, starttls xmlns=\urn:ietf:params:xml:ns:xmpp-tls\))
 			{
-			if (strstr(mbuf, /stream:features))
-goto shut;
 			seen = BIO_read(sbio,mbuf,BUFSIZZ);
+
+			if (seen = 0)
+goto shut;
+
 			mbuf[seen] = 0;
 			}
 		BIO_printf(sbio, starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/);
-- 
1.7.10.4

Bug#671672: openssl s_client -starttls xmpp burn cpu with broken server

2012-05-05 Thread Jörg Sommer 
Package: openssl
Version: 1.0.1b-1
Severity: normal

Hi,

the following command never stopps. I have to press ^C to come back to
the shell prompt.

% openssl s_client -debug -connect gmx.de:xmpp-client -starttls xmpp /dev/null 
|head -n50
CONNECTED(0003)
write to 0x101aac70 [-0x4079a834] (111 bytes = 111 (0x6F))
 - 3c 73 74 72 65 61 6d 3a-73 74 72 65 61 6d 20 78   stream:stream x
0010 - 6d 6c 6e 73 3a 73 74 72-65 61 6d 3d 27 68 74 74   mlns:stream='htt
0020 - 70 3a 2f 2f 65 74 68 65-72 78 2e 6a 61 62 62 65   p://etherx.jabbe
0030 - 72 2e 6f 72 67 2f 73 74-72 65 61 6d 73 27 20 78   r.org/streams' x
0040 - 6d 6c 6e 73 3d 27 6a 61-62 62 65 72 3a 63 6c 69   mlns='jabber:cli
0050 - 65 6e 74 27 20 74 6f 3d-27 67 6d 78 2e 64 65 27   ent' to='gmx.de'
0060 - 20 76 65 72 73 69 6f 6e-3d 27 31 2e 30 27 3e   version='1.0'
read from 0x101aac70 [0x101a31c0] (8192 bytes = 259 (0x103))
 - 3c 3f 78 6d 6c 20 76 65-72 73 69 6f 6e 3d 27 31   ?xml version='1
0010 - 2e 30 27 3f 3e 3c 73 74-72 65 61 6d 3a 73 74 72   .0'?stream:str
0020 - 65 61 6d 20 78 6d 6c 6e-73 3d 27 6a 61 62 62 65   eam xmlns='jabbe
0030 - 72 3a 63 6c 69 65 6e 74-27 20 78 6d 6c 6e 73 3a   r:client' xmlns:
0040 - 73 74 72 65 61 6d 3d 27-68 74 74 70 3a 2f 2f 65   stream='http://e
0050 - 74 68 65 72 78 2e 6a 61-62 62 65 72 2e 6f 72 67   therx.jabber.org
0060 - 2f 73 74 72 65 61 6d 73-27 20 69 64 3d 27 31 34   /streams' id='14
0070 - 39 35 32 31 33 30 32 37-27 20 66 72 6f 6d 3d 27   95213027' from='
0080 - 67 6d 78 2d 67 6d 62 68-2e 64 65 27 20 78 6d 6c   gmx-gmbh.de' xml
0090 - 3a 6c 61 6e 67 3d 27 65-6e 27 3e 3c 73 74 72 65   :lang='en'stre
00a0 - 61 6d 3a 65 72 72 6f 72-3e 3c 68 6f 73 74 2d 75   am:errorhost-u
00b0 - 6e 6b 6e 6f 77 6e 20 78-6d 6c 6e 73 3d 27 75 72   nknown xmlns='ur
00c0 - 6e 3a 69 65 74 66 3a 70-61 72 61 6d 73 3a 78 6d   n:ietf:params:xm
00d0 - 6c 3a 6e 73 3a 78 6d 70-70 2d 73 74 72 65 61 6d   l:ns:xmpp-stream
00e0 - 73 27 2f 3e 3c 2f 73 74-72 65 61 6d 3a 65 72 72   s'//stream:err
00f0 - 6f 72 3e 3c 2f 73 74 72-65 61 6d 3a 73 74 72 65   or/stream:stre
0100 - 61 6d 3e  am
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
read from 0x101aac70 [0x101a31c0] (8192 bytes = 0 (0x0))
^C

Bye, Jörg.

-- System Information:
Debian Release: unstable/experimental
  APT prefers unstable
  APT policy: (900, 'unstable'), (700, 'experimental')
Architecture: powerpc (ppc)

Kernel: Linux 3.3.0-rc5-04520-g8d233c0
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc62.13-31
ii  libssl1.0.0  1.0.1b-1
ii  zlib1g   1:1.2.7.dfsg-1

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20120212

-- no debconf information


signature.asc
Description: Digital signature http://en.wikipedia.org/wiki/OpenPGP