fix: corrupt tls handshake caused by buffer over read#39
Merged
PsiACE merged 3 commits intodatabendlabs:mainfrom Mar 9, 2023
Merged
fix: corrupt tls handshake caused by buffer over read#39PsiACE merged 3 commits intodatabendlabs:mainfrom
PsiACE merged 3 commits intodatabendlabs:mainfrom
Conversation
Contributor
Author
|
The audit check error is not related to my changes. |
Merged
2 tasks
Member
|
Oh, there are three places of these codes, but this pr only solves one place? |
Contributor
Author
|
Do you mean the unsafe block? It's not the key issue here. Just because I changed the remaining buffer so the unsafe block in |
sundy-li
approved these changes
Mar 9, 2023
Contributor
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I hereby agree to the terms of the CLA available at: https://databend.rs/dev/policies/cla/
Summary
This change fixes occasional issue with tls handshake. Due to the issue with truncating wrong part of buffer in reader, the
restpart of bytes are dropped. Tls stream will end up with invalid partial handshake packet and throws "received corrupt message" error.Why this only happens on Tls?
Because Tls is the only scenario that client sends two consecutive packets. A normal request-response packet requires reader to read to the end of a packet so it never leaves remaining data.