Bug #76972 Data truncation due to forceful ssl socket shutdown
Submitted: 2018-10-04 16:40 UTC
Modified: -
From: manuel-php at mausz dot at
Assigned:
Status: Closed
Package: FTP related
PHP Version: 7.1.22
OS: Linux
Private report: No
CVE-ID: None
 [2018-10-04 16:40 UTC] manuel-php at mausz dot at
Description:
------------
With TLS 1.3, session tickets get sent after the handshake has completed (in TLS 1.2 this only happens upon renegotiation). With connections that never read from the socket (like the FTP data connection), this data will never actually be drained. However, closing the socket without draining (unidirectional shutdown) causes an ECONNRESET on the server side, which might lead to data truncation.

As explained in https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html PHP instead should call SSL_read after calling SSL_shutdown until we've received the server's close_notify alert.

For reference see CURL's implementation: https://github.com/curl/curl/blob/e2dd435d473cdc97785df95d032276fafb4b7746/lib/vtls/openssl.c#L1267

As well as https://github.com/openssl/openssl/issues/6904

Test script:
---------------
ProFTPd with OpenSSL 1.1.1 and TLS 1.3.

Script is as simple as: ftp_put($ftp, "dest", "source", FTP_BINARY);

Results in: Transfer aborted. Link to file server lost
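
The TCP-level mechanism behind this report, as an added example that is not part of the original report or of PHP's fix: on Linux, close() on a TCP socket that still holds unread received bytes sends RST instead of FIN, while a half-close followed by reading to EOF ends the stream cleanly. Plain TCP stands in for TLS here; the function name, the "ticket" and "file-data" payloads and the loopback setup are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* One upload over loopback TCP. Returns the errno the receiving side ends
 * with: 0 = clean EOF, ECONNRESET = reset by sender's close(), -1 = setup failed. */
int upload_end_state(int drain_before_close)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t alen = sizeof a;
    char buf[64]; ssize_t n;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(lfd, (struct sockaddr *)&a, sizeof a) || listen(lfd, 1) ||
        getsockname(lfd, (struct sockaddr *)&a, &alen) ||
        connect(cli, (struct sockaddr *)&a, sizeof a))
        return -1;
    int srv = accept(lfd, NULL, NULL);
    if (srv < 0) return -1;
    /* Constructed stand-in for post-handshake session tickets: bytes the
     * uploading side never reads. Wait until they are queued on cli. */
    send(srv, "ticket", 6, 0);
    struct pollfd p = { .fd = cli, .events = POLLIN };
    poll(&p, 1, 2000);

    send(cli, "file-data", 9, 0);    /* the upload itself */
    if (drain_before_close) {
        shutdown(cli, SHUT_WR);      /* like sending close_notify: FIN, keep reading */
        shutdown(srv, SHUT_WR);      /* peer answers with its own FIN */
        while (recv(cli, buf, sizeof buf, 0) > 0) { }  /* drain until EOF */
    }
    close(cli);                      /* unread bytes queued here => RST, not FIN */

    while ((n = recv(srv, buf, sizeof buf, 0)) > 0) { }  /* receiver reads to the end */
    int end = (n < 0) ? errno : 0;
    close(srv); close(lfd);
    return end;
}

int main(void)
{
    printf("close without drain: %s\n", strerror(upload_end_state(0)));
    printf("drain, then close:   %s\n", strerror(upload_end_state(1)));
    return 0;
}
```

In the TLS case the drain step is the SSL_shutdown followed by SSL_read until close_notify that the report asks for.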


History

 [2018-10-05 16:45 UTC] nikic@php.net
Automatic comment on behalf of manuel@mausz.at
Revision: http://git.php.net/?p=php-src.git;a=commit;h=bb4a2e8bb7fc80fa5b3725508bcc8fea525f059b
Log: Fix #76972: FTP data truncation due to forceful ssl socket shutdown
 [2018-10-05 16:45 UTC] nikic@php.net
-Status: Open +Status: Closed
 
Last updated: Wed Jun 19 04:01:26 2019 UTC