Re: [squid-users] Squid 4.0.19 SSLBump Crashes

[Alex Rousskov]

On 05/10/2017 08:32 AM, Deniz Eren wrote:

> I'm testing squid squid-4.0.19-20170508-r15031 when I enable ssl-bump
> in intercept mode, after couple of SSL requests squid crashes


You have discovered one or two Squid bugs:

* Squid should handle exceptions when parsing SSL (without crashing);
* Squid must parse valid SSL (without throwing an exception).

To improve your chances of getting the bugs fixed, I recommend filing a
bug report in Bugzilla and attaching compressed whole-packet
to-and-from-Squid capture, captured while reproducing the problem (as
well as all the other artifacts you have provided, but updated to match
the packet capture).

If you can also test v5, please do so.


Thank you,

Alex.

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid 4.0.19 SSLBump Crashes

[Deniz Eren]

Hi,

I'm testing squid squid-4.0.19-20170508-r15031 when I enable ssl-bump
in intercept mode, after couple of SSL requests squid crashes in
"Parser::BinaryTokenizer::want(unsigned long long, char const*) const
()" function.

OS: CentOS 5
OpenSSL: 1.0.1e-51
g++: 4.8.2-15

I have attached part of debug log,core stack trace and squid.conf.(I
have migrated from 3.5, so there might be non-correct parts in my
squid.conf)

Does something wrong with my compilation or squid.conf; how can I
debug this issue.

Regards,
(gdb) bt
#0  0xf6f9fc80 in __kernel_vsyscall ()
#1  0xf6992b10 in raise () from /lib/libc.so.6
#2  0xf6994421 in abort () from /lib/libc.so.6
#3  0xf6bb2ab0 in __gnu_cxx::__verbose_terminate_handler() () from 
/usr/lib/libstdc++.so.6
#4  0xf6bb0515 in __gxx_personality_v0 () from /usr/lib/libstdc++.so.6
#5  0xf6bb0552 in __gxx_personality_v0 () from /usr/lib/libstdc++.so.6
#6  0xf6bb068a in __cxa_rethrow () from /usr/lib/libstdc++.so.6
#7  0xf7443830 in Parser::BinaryTokenizer::want(unsigned long long, char 
const*) const ()
#8  0xf744571d in Parser::BinaryTokenizer::area(unsigned long long, char 
const*) ()
#9  0xf7445915 in Parser::BinaryTokenizer::pstring16(char const*) ()
#10 0xf73c8238 in 
Security::TLSPlaintext::TLSPlaintext(Parser::BinaryTokenizer&) ()
#11 0xf73c9fa9 in Security::HandshakeParser::parseModernRecord() ()
#12 0xf73ca70d in Security::HandshakeParser::parseRecord() ()
#13 0xf73ca780 in Security::HandshakeParser::parseHello(SBuf const&) ()
#14 0xf73e158c in Ssl::ServerBio::readAndParse(char*, int, bio_st*) ()
#15 0xf73e195a in Ssl::ServerBio::read(char*, int, bio_st*) ()
#16 0xf73de898 in ?? ()
#17 0xf6dd7271 in BIO_read () from /lib/libcrypto.so.10
#18 0xf6f0b98b in ssl23_read_bytes () from /lib/libssl.so.10
#19 0xf6f0a902 in ssl23_connect () from /lib/libssl.so.10
#20 0xf6f1e09a in SSL_connect () from /lib/libssl.so.10
#21 0xf73d1f4d in Security::PeerConnector::negotiate() ()
#22 0xf73d4735 in NullaryMemFunT::doDial() ()
#23 0xf73d510f in JobDialer::dial(AsyncCall&) ()
#24 0xf73d52d2 in AsyncCallT::fire() 
()
#25 0xf73615fb in AsyncCall::make() ()
#26 0xf736616c in AsyncCallQueue::fireNext() ()
#27 0xf7366568 in AsyncCallQueue::fire() ()
#28 0xf7185114 in EventLoop::runOnce() ()
#29 0xf7185228 in EventLoop::run() ()
#30 0xf71fc9f9 in SquidMain(int, char**) ()
#31 0xf70ce209 in main ()
2017/05/10 16:07:57.917 kid1| 5,8| ModEpoll.cc(266) DoSelect: got FD 23 
events=4 monitoring=1c F->read_handler=0 F->write_handler=1
2017/05/10 16:07:57.917 kid1| 5,8| ModEpoll.cc(288) DoSelect: Calling write 
handler on FD 23
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(351) cbdataInternalLock: 
0xf959c078=6
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(351) cbdataInternalLock: 
0xf959c078=7
2017/05/10 16:07:57.917 kid1| 5,4| AsyncCall.cc(26) AsyncCall: The AsyncCall 
Comm::ConnOpener::doConnect constructed, this=0xf9791d88 [call1160]
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(351) cbdataInternalLock: 
0xf959c078=8
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(383) cbdataInternalUnlock: 
0xf959c078=7
2017/05/10 16:07:57.917 kid1| 45,9| cbdata.cc(383) cbdataInternalUnlock: 
0xf959c078=6
2017/05/10 16:07:57.917 kid1| 5,4| AsyncCall.cc(93) ScheduleCall: 
ConnOpener.cc(463) will call Comm::ConnOpener::doConnect() [call1160]
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(383) cbdataInternalUnlock: 
0xf959c078=5
2017/05/10 16:07:57.918 kid1| 5,4| AsyncCallQueue.cc(55) fireNext: entering 
Comm::ConnOpener::doConnect()
2017/05/10 16:07:57.918 kid1| 5,4| AsyncCall.cc(38) make: make call 
Comm::ConnOpener::doConnect [call1160]
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.918 kid1| 5,4| AsyncJob.cc(123) callStart: Comm::ConnOpener 
status in: [ job139]
2017/05/10 16:07:57.918 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
0xf959c078
2017/05/10 16:07:57.918 kid1| 5,9| comm.cc(608) comm_connect_addr: connecting 
socket FD 23 to 192.229.233.50:443 (want family: 2)
2017/05/10 16:07:57.918 kid1| 5,9| comm.cc(714) comm_connect_addr: 
comm_connect_addr: FD 23 connected to 192.229.233.50:443
2017/05/10 16:07:57.918 kid1| 5,5| ConnOpener.cc(350) doConnect: local=0.0.0.0 
remote=192.229.233.50:443 flags=1: Comm::OK - connected
2017/05/10 16:07:57.918 kid1| 5,4| ConnOpener.cc(155) cleanFd: local=0.0.0.0 
remote=192.229.233.50:443 flags=1 closing temp FD 23
2017/05/10 16:07:57.918 kid1| 5,5| ModEpoll.cc(117) SetSelect: FD 23, type=2,