Skip to content

[3.11] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw#108317

Merged
ambv merged 1 commit into
python:3.11from
ambv:cve-2023-40217-3.11
Aug 22, 2023
Merged

[3.11] gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw#108317
ambv merged 1 commit into
python:3.11from
ambv:cve-2023-40217-3.11

Conversation

@ambv

@ambv ambv commented Aug 22, 2023

Copy link
Copy Markdown
Contributor

Instances of ssl.SSLSocket were vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and treating sent unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the malicious peer and stored in a buffer, and then the malicious peer closes the socket within a small timing window before the other peers’ TLS handshake can begin. After this sequence of events the closed socket will not immediately attempt a TLS handshake due to not being connected but will also allow the buffered data to be read as if a successful TLS handshake had occurred.

…ose flaw

Instances of `ssl.SSLSocket` were vulnerable to a bypass of the TLS handshake
and included protections (like certificate verification) and treating sent
unencrypted data as if it were post-handshake TLS encrypted data.

The vulnerability is caused when a socket is connected, data is sent by the
malicious peer and stored in a buffer, and then the malicious peer closes the
socket within a small timing window before the other peers’ TLS handshake can
begin. After this sequence of events the closed socket will not immediately
attempt a TLS handshake due to not being connected but will also allow the
buffered data to be read as if a successful TLS handshake had occurred.

Co-Authored-By: Gregory P. Smith [Google LLC] <greg@krypto.org>
@ambv ambv changed the title gh-108310: Fix CVE-2023-40217: Check for & avoid the ssl pre-close flaw Aug 22, 2023
@ambv ambv merged commit 75a875e into python:3.11 Aug 22, 2023
@ambv ambv deleted the cve-2023-40217-3.11 branch August 22, 2023 18:00
@bedevere-bot

Copy link
Copy Markdown

⚠️⚠️⚠️ Buildbot failure ⚠️⚠️⚠️

Hi! The buildbot AMD64 Windows10 3.11 has failed when building commit 75a875e.

What do you need to do:

  1. Don't panic.
  2. Check the buildbot page in the devguide if you don't know what the buildbots are or how they work.
  3. Go to the page of the buildbot that failed (https://buildbot.python.org/all/#builders/986/builds/1085) and take a look at the build logs.
  4. Check if the failure is related to this commit (75a875e) or if it is a false positive.
  5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/all/#builders/986/builds/1085

Summary of the results of the build (if available):

== Tests result: ENV CHANGED ==

402 tests OK.

10 slowest tests:

  • test_multiprocessing_spawn: 3 min 16 sec
  • test_tokenize: 2 min 59 sec
  • test_asyncio: 2 min 25 sec
  • test_unparse: 2 min 23 sec
  • test_peg_generator: 2 min 21 sec
  • test_lib2to3: 2 min 8 sec
  • test_concurrent_futures: 1 min 47 sec
  • test_capi: 1 min 42 sec
  • test_compileall: 1 min 32 sec
  • test_mmap: 1 min 29 sec

1 test altered the execution environment:
test_ssl

31 tests skipped:
test_curses test_dbm_gnu test_dbm_ndbm test_devpoll test_epoll
test_fcntl test_fork1 test_gdb test_grp test_ioctl test_kqueue
test_multiprocessing_fork test_multiprocessing_forkserver test_nis
test_openpty test_ossaudiodev test_pipes test_poll test_posix
test_pty test_pwd test_readline test_resource test_spwd
test_syslog test_threadsignals test_wait3 test_wait4
test_xxlimited test_xxtestfuzz test_zipfile64

Total duration: 17 min 33 sec

Click to see traceback logs
Traceback (most recent call last):
  File "D:\buildarea\3.11.bolen-windows10\build\Lib\threading.py", line 1038, in _bootstrap_inner
    self.run()
  File "D:\buildarea\3.11.bolen-windows10\build\Lib\test\test_ssl.py", line 4945, in run
    conn, address = self.listener.accept()
                    ^^^^^^^^^^^^^^^^^^^^^^
  File "D:\buildarea\3.11.bolen-windows10\build\Lib\socket.py", line 294, in accept
    fd, addr = self._accept()
               ^^^^^^^^^^^^^^
TimeoutError: timed out
k
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants