fix: prevent enabling ktls with a buffered record header fragment #4426
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
goatgoose
approved these changes
Feb 19, 2024
toidiu
reviewed
Feb 21, 2024
Comment on lines
+106
to
107
| RESULT_ENSURE(s2n_stuffer_data_available(&conn->header_in) == 0, S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); | ||
| RESULT_ENSURE(s2n_stuffer_data_available(&conn->in) == 0, S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); |
There was a problem hiding this comment.
Can we just use s2n_stuffer_is_consumed? It would avoid the the == 0 and read better. Some of the tests could also be simplified.
Suggested change
| RESULT_ENSURE(s2n_stuffer_data_available(&conn->header_in) == 0, S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); | |
| RESULT_ENSURE(s2n_stuffer_data_available(&conn->in) == 0, S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); | |
| RESULT_ENSURE(s2n_stuffer_is_consumed(&conn->header_in), S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); | |
| RESULT_ENSURE(s2n_stuffer_is_consumed(&conn->in), S2N_ERR_RECORD_STUFFER_NEEDS_DRAINING); |
There was a problem hiding this comment.
The two methods are equivalent. However, from looking at how both are used, s2n_stuffer_is_consumed seems to be used when the memory associated with the buffer is the concern, and s2n_stuffer_data_available seems to be used when whether we can read from the buffer is the concern. From that perspective, we're using the right method here. Dropping "==0" isn't much of a gain, and s2n_stuffer_is_consumed doesn't simplify the tests at all.
toidiu
approved these changes
Feb 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Minor ktls fix. We shouldn't enable ktls with ANY unhandled record data, including a partial header.
conn->header_in could contain data but conn->in not contain data if we blocked while trying to read the full record.
(Turning on ktls switches s2n-tls from parsing encrypted records to decrypted application data, so any partial data won't be handled right after the switch)
Callouts
There are a couple other places where we make similar checks:
Testing:
Updated existing test
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.