php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #76972 Data truncation due to forceful ssl socket shutdown
Submitted: 2018-10-04 16:40 UTC Modified: -
From: manuel-php at mausz dot at Assigned:
Status: Closed Package: FTP related
PHP Version: 7.1.22 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
 [2018-10-04 16:40 UTC] manuel-php at mausz dot at 
Description:
------------
With TLS 1.3 session tickets get sent after the handshake has completed (in TLS 1.2 this only happens upon renegotiation). With connections that never read from the socket (like the FTP data connection) this data will never actually be trained. However closing the socket without training (unidirectional shutdown) causes an ECONNRESET on server side which might lead to data truncation.

As explained in https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html PHP instead should call SSL_read after calling SSL_shutdown until we've received the servers close_notify alert.

For reference see CURLs implementation: https://github.com/curl/curl/blob/e2dd435d473cdc97785df95d032276fafb4b7746/lib/vtls/openssl.c#L1267

As well as https://github.com/openssl/openssl/issues/6904

Test script:
---------------
ProFTPd with OpenSSL 1.1.1 and TLS 1.3.

Script is as simple as: ftp_put($ftp, "dest", "source", FTP_BINARY);

Results in: Transfer aborted. Link to file server lost

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-10-05 16:45 UTC] nikic@php.net 
Automatic comment on behalf of manuel@mausz.at
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bb4a2e8bb7fc80fa5b3725508bcc8fea525f059b
Log: Fix #76972: FTP data truncation due to forceful ssl socket shutdown
 [2018-10-05 16:45 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 09:01:32 2024 UTC