ssl: Handle really big handshake packages

If a handshake message is really big it could happen that the ssl process would hang due to failing of requesting more data from the socket. This has been fixed. Also added option to limit max handshake size. It has a default value that should be big enough to handle normal usage and small enough to mitigate DoS attacks.
author: Ingela Anderton Andin <[email protected]> 2016-12-22 23:05:10 +0100
committer: Ingela Anderton Andin <[email protected]> 2017-01-17 09:59:22 +0100
commit: 1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch)
tree: eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib
parent: 605a4627a7383829559a1595457b860c1317da48 (diff)
download: otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz
otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2
otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip
6 files changed, 83 insertions, 15 deletions
diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index edc7e0d8b2..916b41742e 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -424,6 +424,14 @@ marker="public_key:public_key#pkix_path_validation-3">public_key:pkix_path_valid
 	    </taglist>
 
 	  </item>
+
+	  <tag><c>max_handshake_size</c></tag>
+	  <item>
+	    <p>Integer (24 bits unsigned). Used to limit the size of
+	    valid TLS handshake packets to avoid DoS attacks.
+	    Defaults to 256*1024.</p>
+          </item>
+          
 	</taglist>
 
       </item>
diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl
index c72ee44a95..0b7229b67e 100644
--- a/lib/ssl/src/ssl.erl
+++ b/lib/ssl/src/ssl.erl
@@ -765,7 +765,8 @@ handle_options(Opts0, Role) ->
 					     client, Role),
 		    crl_check = handle_option(crl_check, Opts, false),
 		    crl_cache = handle_option(crl_cache, Opts, {ssl_crl_cache, {internal, []}}),
-		    v2_hello_compatible = handle_option(v2_hello_compatible, Opts, false)
+		    v2_hello_compatible = handle_option(v2_hello_compatible, Opts, false),
+                    max_handshake_size = handle_option(max_handshake_size, Opts, ?DEFAULT_MAX_HANDSHAKE_SIZE)
 		   },
 
     CbInfo  = proplists:get_value(cb_info, Opts, default_cb_info(Protocol)),
@@ -780,7 +781,8 @@ handle_options(Opts0, Role) ->
 		  alpn_preferred_protocols, next_protocols_advertised,
 		  client_preferred_next_protocols, log_alert,
 		  server_name_indication, honor_cipher_order, padding_check, crl_check, crl_cache,
-		  fallback, signature_algs, eccs, honor_ecc_order, beast_mitigation, v2_hello_compatible],
+		  fallback, signature_algs, eccs, honor_ecc_order, beast_mitigation, v2_hello_compatible,
+                  max_handshake_size],
 
     SockOpts = lists:foldl(fun(Key, PropList) ->
 				   proplists:delete(Key, PropList)
@@ -1028,6 +1030,8 @@ validate_option(beast_mitigation, Value) when Value == one_n_minus_one orelse
   Value;
 validate_option(v2_hello_compatible, Value) when is_boolean(Value)  ->
     Value;
+validate_option(max_handshake_size, Value) when is_integer(Value)  andalso Value =< ?MAX_UNIT24 ->
+    Value;
 validate_option(Opt, Value) ->
     throw({error, {options, {Opt, Value}}}).
 
diff --git a/lib/ssl/src/ssl_handshake.hrl b/lib/ssl/src/ssl_handshake.hrl
index fde92035a2..324b7dbde3 100644
--- a/lib/ssl/src/ssl_handshake.hrl
+++ b/lib/ssl/src/ssl_handshake.hrl
@@ -80,6 +80,9 @@
 -define(CLIENT_KEY_EXCHANGE, 16).
 -define(FINISHED, 20).
 
+-define(MAX_UNIT24, 8388607).
+-define(DEFAULT_MAX_HANDSHAKE_SIZE,  (256*1024)).
+
 -record(random, {
 	  gmt_unix_time, % uint32
 	  random_bytes   % opaque random_bytes[28]
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 98b89bb811..c34af9f82c 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -142,7 +142,8 @@
 	  signature_algs,
 	  eccs,
 	  honor_ecc_order            :: boolean(),
-	  v2_hello_compatible        :: boolean()
+	  v2_hello_compatible        :: boolean(),
+          max_handshake_size         :: integer()
 	  }).
 
 -record(socket_options,
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 32991d3079..77606911be 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -424,18 +424,26 @@ handle_common_event(internal,  #ssl_tls{type = ?HANDSHAKE, fragment = Data},
 				      ssl_options = Options} = State0) ->
     try
 	{Packets, Buf} = tls_handshake:get_tls_handshake(Version,Data,Buf0, Options),
-	State =
+	State1 =
 	    State0#state{protocol_buffers =
 			     Buffers#protocol_buffers{tls_handshake_buffer = Buf}},
-	Events = tls_handshake_events(Packets),
-	case StateName of
-	    connection ->
-		ssl_connection:hibernate_after(StateName, State, Events);
-	    _ ->
-		{next_state, StateName, State#state{unprocessed_handshake_events = unprocessed_events(Events)}, Events}
-	end
+	case Packets of
+            [] -> 
+                assert_buffer_sanity(Buf, Options),
+                {Record, State} = next_record(State1),
+                next_event(StateName, Record, State);
+            _ ->                
+                Events = tls_handshake_events(Packets),
+                case StateName of
+                    connection ->
+                        ssl_connection:hibernate_after(StateName, State1, Events);
+                    _ ->
+                        {next_state, StateName, 
+                         State1#state{unprocessed_handshake_events = unprocessed_events(Events)}, Events}
+                end
+        end
     catch throw:#alert{} = Alert ->
-	    ssl_connection:handle_own_alert(Alert, Version, StateName, State0)
+            ssl_connection:handle_own_alert(Alert, Version, StateName, State0)
     end;
 %%% TLS record protocol level application data messages 
 handle_common_event(internal, #ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName, State) ->
@@ -615,8 +623,6 @@ next_event(StateName, Record, State, Actions) ->
 	    {next_state, StateName, State, [{next_event, internal, Alert} | Actions]}
     end.
 
-tls_handshake_events([]) ->
-    throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, malformed_handshake));
 tls_handshake_events(Packets) ->
     lists:map(fun(Packet) ->
 		      {next_event, internal, {handshake, Packet}}
@@ -735,3 +741,25 @@ unprocessed_events(Events) ->
     %% handshake events left to process before we should
     %% process more TLS-records received on the socket. 
     erlang:length(Events)-1.
+
+
+assert_buffer_sanity(<<?BYTE(_Type), ?UINT24(Length), Rest/binary>>, #ssl_options{max_handshake_size = Max}) when 
+      Length =< Max ->  
+    case size(Rest) of
+        N when N < Length ->
+            true;
+        N when N > Length ->       
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             too_big_handshake_data));
+        _ ->
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             malformed_handshake_data))  
+    end;  
+assert_buffer_sanity(Bin, _) ->
+    case size(Bin) of
+        N when N < 3 ->
+            true;
+        _ ->       
+            throw(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE, 
+                             malformed_handshake_data))
+    end.  
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index 52c1af5b4c..de5895d7ba 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -136,7 +136,8 @@ options_tests() ->
      honor_server_cipher_order,
      honor_client_cipher_order,
      unordered_protocol_versions_server,
-     unordered_protocol_versions_client
+     unordered_protocol_versions_client,
+     max_handshake_size
 ].
 
 options_tests_tls() ->
@@ -3860,6 +3861,29 @@ unordered_protocol_versions_client(Config) when is_list(Config) ->
     ssl_test_lib:check_result(Server, ServerMsg, Client, ClientMsg).
   
 %%--------------------------------------------------------------------
+max_handshake_size() ->
+    [{doc,"Test that we can set max_handshake_size to max value."}].
+
+max_handshake_size(Config) when is_list(Config) -> 
+    ClientOpts = ssl_test_lib:ssl_options(client_opts, Config),
+    ServerOpts = ssl_test_lib:ssl_options(server_opts, Config),  
+
+    {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+    Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0}, 
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options,  [{max_handshake_size, 8388607} |ServerOpts]}]),
+    Port = ssl_test_lib:inet_port(Server),
+    
+    Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port}, 
+					{host, Hostname},
+					{from, self()}, 
+					{mfa, {ssl_test_lib, send_recv_result_active, []}},
+					{options, [{max_handshake_size, 8388607} | ClientOpts]}]),
+ 
+    ssl_test_lib:check_result(Server, ok, Client, ok).
+  
+%%--------------------------------------------------------------------
 
 server_name_indication_option() ->
     [{doc,"Test API server_name_indication option to connect."}].
author	Ingela Anderton Andin <[email protected]>	2016-12-22 23:05:10 +0100
committer	Ingela Anderton Andin <[email protected]>	2017-01-17 09:59:22 +0100
commit	1364c7308e17d43d1a2244e3f2bf11cfec3789ef (patch)
tree	eac3ed9408e6e5873c9821193c0a0ebd4bddf8b6 /lib
parent	605a4627a7383829559a1595457b860c1317da48 (diff)
download	otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.gz otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.tar.bz2 otp-1364c7308e17d43d1a2244e3f2bf11cfec3789ef.zip