php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76972 Data truncation due to forceful ssl socket shutdown
Submitted: 2018-10-04 16:40 UTC Modified: -
From: manuel-php at mausz dot at Assigned:
Status: Closed Package: FTP related
PHP Version: 7.1.22 OS: Linux
Private report: No CVE-ID: None
 [2018-10-04 16:40 UTC] manuel-php at mausz dot at
Description:
------------
With TLS 1.3 session tickets get sent after the handshake has completed (in TLS 1.2 this only happens upon renegotiation). With connections that never read from the socket (like the FTP data connection) this data will never actually be trained. However closing the socket without training (unidirectional shutdown) causes an ECONNRESET on server side which might lead to data truncation.

As explained in https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html PHP instead should call SSL_read after calling SSL_shutdown until we've received the servers close_notify alert.

For reference see CURLs implementation: https://github.com/curl/curl/blob/e2dd435d473cdc97785df95d032276fafb4b7746/lib/vtls/openssl.c#L1267

As well as https://github.com/openssl/openssl/issues/6904

Test script:
---------------
ProFTPd with OpenSSL 1.1.1 and TLS 1.3.

Script is as simple as: ftp_put($ftp, "dest", "source", FTP_BINARY);

Results in: Transfer aborted. Link to file server lost


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-10-05 16:45 UTC] nikic@php.net
Automatic comment on behalf of manuel@mausz.at
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bb4a2e8bb7fc80fa5b3725508bcc8fea525f059b
Log: Fix #76972: FTP data truncation due to forceful ssl socket shutdown
 [2018-10-05 16:45 UTC] nikic@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Wed Nov 14 15:01:27 2018 UTC