From c075e4f2fc9e662459f7ab0ce8e13b70c059334a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 7 Dec 2023 21:12:02 +0100 Subject: [PATCH] BUG/MEDIUM: quic: Possible buffer overflow when building TLS records This bug impacts only the OpenSSL QUIC compatibility module (USE_QUIC_OPENSSL_COMPAT). This may happen only when the TLS stack has to be provided with more than 1024+1+5+16 bytes of CRYPTO data. In this case several TLS records have to be built in one call to SSL_provide_quic_data(). A 5-bytes header is created at the head of these records. This header is used as AAD to cipher the record. But the length of this AAD was counted two times. One time here in quic_tls_compat_create_record() (initialization): adlen = quic_tls_compat_create_header(qc, rec, ad, 0); and a second time here in the same function after quic_tls_tls_seal() return: ret = aad_len + outlen; This addition is useless. Note that this bug could be reproduced when haproxy has to authenticate the client. Thank you to @vifino for having reported this issue in GH #2381. Must be backported to 2.8. --- src/quic_openssl_compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quic_openssl_compat.c b/src/quic_openssl_compat.c index 24031459e..3760bbcf2 100644 --- a/src/quic_openssl_compat.c +++ b/src/quic_openssl_compat.c @@ -347,7 +347,7 @@ static int quic_tls_compat_create_record(struct quic_conn *qc, nonce, rec->payload, rec->payload_len, ad, adlen)) goto leave; - ret = adlen + outlen; + ret = outlen; leave: TRACE_LEAVE(QUIC_EV_CONN_SSL_COMPAT, qc); return ret;