Published
Last updated
rust-openssl ssl::select_next_proto use after free
ssl::select_next_proto
can return a slice pointing into the server
argument's buffer but with a lifetime bound to the client
argument. In situations where the server
buffer's lifetime is shorter than the client
buffer's, this can cause a use after free. This could cause the server to crash or to return arbitrary memory contents to the client.
openssl
0.10.70 fixes the signature of ssl::select_next_proto
to properly constrain the output buffer's lifetime to that of both input buffers.
In standard usage of ssl::select_next_proto
in the callback passed to SslContextBuilder::set_alpn_select_callback
, code is only affected if the server
buffer is constructed within the callback. For example:
Not vulnerable - the server buffer has a 'static
lifetime:
Not vulnerable - the server buffer outlives the handshake:
Vulnerable - the server buffer is freed when the callback returns: