Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/7.0-rc1] hold reference to SslContextHandle to prevent crashes #74367

Merged
merged 2 commits into from
Aug 23, 2022
Merged

[release/7.0-rc1] hold reference to SslContextHandle to prevent crashes #74367

merged 2 commits into from
Aug 23, 2022

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Aug 22, 2022
edited by karelz
Loading

Backport of #73972 to release/7.0-rc1
Fixes #69125, #73621

/cc @wfurt

Customer Impact

This is fix for native crashes we seen in #73621 and #69125. However the root problem is in SslStream native shim so any application using SslStream on Linux may hit same problem unless TLS resume is explicitly disabled.
Without it, we may corrupt native memory and that can lead to hard crash or other weird behavior.

Testing

I was not able to reproduce the crashes locally. There is no single occurrence in main CI since the fix was submitted week ago. We did not see any new issue in SslStream tests and surrounding ares (HTTP*)

Risk

We hold extra reference to safe handle to prevent cleanup when still in use. This could possibly lead to leak if something goes wrong. This whole logic (as well as the crash) can be avoided via bypass switch if needed.

wfurt and others added 2 commits August 22, 2022 18:07
@ghost
Copy link

ghost commented Aug 22, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #73972 to release/7.0-rc1

/cc @wfurt

Customer Impact

Testing

Risk

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Security
Milestone: -

@wfurt wfurt requested a review from a team August 22, 2022 18:22
@danmoseley
Copy link
Member

Approved - crash, mainstream

@hoyosjs hoyosjs merged commit 7193b90 into release/7.0-rc1 Aug 23, 2022
@karelz karelz added this to the 7.0.0 milestone Aug 23, 2022
This was referenced Aug 23, 2022
Closed
Closed
@hoyosjs hoyosjs deleted the backport/pr-73972-to-release/7.0-rc1 branch August 23, 2022 20:40
@ghost ghost locked as resolved and limited conversation to collaborators Sep 25, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@carlossanlop carlossanlop carlossanlop approved these changes

Assignees

@carlossanlop carlossanlop

@danmoseley danmoseley

Labels
area-System.Net.Security
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
5 participants
@danmoseley @carlossanlop @karelz @hoyosjs @wfurt