Fixes MAISTRA-1168: added implementation of boringssl function SSL_get_peer_full_cert_chain #1
Merged
…t_peer_full_cert_chain
dgn approved these changes on Feb 13, 2020
Interesting. Had a quick look at the boringssl code, they also mention this behaviour.
@dgn: Yep, noticed it too.
dmitri-d added a commit to dmitri-d/maistra-envoy that referenced this pull request on May 8, 2020

8f2ed86 Tim Walsh Tue Mar 31 03:42:57 2020 +1000 Fix for dual certificate issue MAISTRA-1142 (maistra#10)
13d2925 Dmitri Dolguikh Thu Mar 26 14:00:00 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection, part 2 (maistra#11)
a939c3c Dmitri Dolguikh Wed Mar 25 14:22:39 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection (maistra#9)
09d777a Jonh Wendell Mon Mar 16 18:42:04 2020 -0400 Merge pull request maistra#8 from jwendell/MAISTRA-1275
362b623 Jonh Wendell Mon Mar 16 18:33:04 2020 -0400 MAISTRA-1275: Write "OpenSSL" into envoy --version
6110125 Dmitri Dolguikh Fri Mar 13 10:43:59 2020 -0700 Merge pull request maistra#7 from dmitri-d/maistra-1.1-upstream-release-1.4.6-patch
7f1eb1e Dmitri Dolguikh Thu Mar 12 16:19:25 2020 -0700 Removed no longer relevant comments from tls_inspector_test
8ccac21 Dmitri Dolguikh Thu Mar 12 10:49:01 2020 -0700 Fixing alpn detection in tls_inspector
cf0f50b Dmitri Dolguikh Thu Mar 12 14:10:23 2020 -0700 Updated bssl_wrapper to latest version
fac23c0 Dmitri Dolguikh Thu Mar 12 14:38:36 2020 -0700 Merge branch 'upstream-release-1.4.6-patch' into maistra-1.1
0b12b16 Dmitri Dolguikh Mon Mar 9 10:55:57 2020 -0700 Fixes MAISTRA-1226: added support for importPublicKey in lua filter (maistra#6)
e6e28d9 Dmitri Dolguikh Fri Feb 28 14:59:58 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#5)
7e50506 Dmitri Dolguikh Fri Feb 28 14:58:46 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#4)
7fe1986 Dmitri Dolguikh Fri Feb 28 14:57:44 2020 -0800 Fixes MAISTRA-1167: RetryHostPredicateFilter in protocol_integration_test suite passes now (maistra#3)
2c5d27e Dmitri Dolguikh Fri Feb 14 12:50:21 2020 -0800 Fixes MAISTRA-1167: //test/extensions/filters/listener/proxy_protocol:proxy_protocol_test is passing now (maistra#2)
7d0995a Dmitri Dolguikh Fri Feb 14 12:49:59 2020 -0800 Merge pull request maistra#1 from dmitri-d/fix-1168-certchain
ff116fa Dmitri Dolguikh Wed Feb 12 15:29:31 2020 -0800 Fixes MAISTRA-1168: added implementation of boringssl function SSL_get_peer_full_cert_chain
72c81ba Dmitri Dolguikh Tue Feb 11 16:27:50 2020 -0800 Updated jwt_verification_lib to the latest version
487d30c Dmitri Dolguikh Tue Feb 11 09:19:53 2020 -0800 Updated for maistra-1.1 release
071457c Dmitri Dolguikh Tue Feb 4 15:32:41 2020 -0800 updated to support openssl

Signed-off-by: Dmitri Dolguikh <[email protected]>
dmitri-d pushed a commit that referenced this pull request on May 14, 2020

* Changes and fixes to support OpenSSL

8f2ed86 Tim Walsh Tue Mar 31 03:42:57 2020 +1000 Fix for dual certificate issue MAISTRA-1142 (#10)
13d2925 Dmitri Dolguikh Thu Mar 26 14:00:00 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection, part 2 (#11)
a939c3c Dmitri Dolguikh Wed Mar 25 14:22:39 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection (#9)
09d777a Jonh Wendell Mon Mar 16 18:42:04 2020 -0400 Merge pull request #8 from jwendell/MAISTRA-1275
362b623 Jonh Wendell Mon Mar 16 18:33:04 2020 -0400 MAISTRA-1275: Write "OpenSSL" into envoy --version
6110125 Dmitri Dolguikh Fri Mar 13 10:43:59 2020 -0700 Merge pull request #7 from dmitri-d/maistra-1.1-upstream-release-1.4.6-patch
7f1eb1e Dmitri Dolguikh Thu Mar 12 16:19:25 2020 -0700 Removed no longer relevant comments from tls_inspector_test
8ccac21 Dmitri Dolguikh Thu Mar 12 10:49:01 2020 -0700 Fixing alpn detection in tls_inspector
cf0f50b Dmitri Dolguikh Thu Mar 12 14:10:23 2020 -0700 Updated bssl_wrapper to latest version
fac23c0 Dmitri Dolguikh Thu Mar 12 14:38:36 2020 -0700 Merge branch 'upstream-release-1.4.6-patch' into maistra-1.1
0b12b16 Dmitri Dolguikh Mon Mar 9 10:55:57 2020 -0700 Fixes MAISTRA-1226: added support for importPublicKey in lua filter (#6)
e6e28d9 Dmitri Dolguikh Fri Feb 28 14:59:58 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (#5)
7e50506 Dmitri Dolguikh Fri Feb 28 14:58:46 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (#4)
7fe1986 Dmitri Dolguikh Fri Feb 28 14:57:44 2020 -0800 Fixes MAISTRA-1167: RetryHostPredicateFilter in protocol_integration_test suite passes now (#3)
2c5d27e Dmitri Dolguikh Fri Feb 14 12:50:21 2020 -0800 Fixes MAISTRA-1167: //test/extensions/filters/listener/proxy_protocol:proxy_protocol_test is passing now (#2)
7d0995a Dmitri Dolguikh Fri Feb 14 12:49:59 2020 -0800 Merge pull request #1 from dmitri-d/fix-1168-certchain
ff116fa Dmitri Dolguikh Wed Feb 12 15:29:31 2020 -0800 Fixes MAISTRA-1168: added implementation of boringssl function SSL_get_peer_full_cert_chain
72c81ba Dmitri Dolguikh Tue Feb 11 16:27:50 2020 -0800 Updated jwt_verification_lib to the latest version
487d30c Dmitri Dolguikh Tue Feb 11 09:19:53 2020 -0800 Updated for maistra-1.1 release
071457c Dmitri Dolguikh Tue Feb 4 15:32:41 2020 -0800 updated to support openssl

Signed-off-by: Dmitri Dolguikh <[email protected]>

* Fixed failing tests
* Fixed failing tests
* Removed todos that have been completed
knrc pushed a commit to knrc/envoy that referenced this pull request on Jan 14, 2021

* Changes and fixes to support OpenSSL

8f2ed86 Tim Walsh Tue Mar 31 03:42:57 2020 +1000 Fix for dual certificate issue MAISTRA-1142 (maistra#10)
13d2925 Dmitri Dolguikh Thu Mar 26 14:00:00 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection, part 2 (maistra#11)
a939c3c Dmitri Dolguikh Wed Mar 25 14:22:39 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection (maistra#9)
09d777a Jonh Wendell Mon Mar 16 18:42:04 2020 -0400 Merge pull request maistra#8 from jwendell/MAISTRA-1275
362b623 Jonh Wendell Mon Mar 16 18:33:04 2020 -0400 MAISTRA-1275: Write "OpenSSL" into envoy --version
6110125 Dmitri Dolguikh Fri Mar 13 10:43:59 2020 -0700 Merge pull request maistra#7 from dmitri-d/maistra-1.1-upstream-release-1.4.6-patch
7f1eb1e Dmitri Dolguikh Thu Mar 12 16:19:25 2020 -0700 Removed no longer relevant comments from tls_inspector_test
8ccac21 Dmitri Dolguikh Thu Mar 12 10:49:01 2020 -0700 Fixing alpn detection in tls_inspector
cf0f50b Dmitri Dolguikh Thu Mar 12 14:10:23 2020 -0700 Updated bssl_wrapper to latest version
fac23c0 Dmitri Dolguikh Thu Mar 12 14:38:36 2020 -0700 Merge branch 'upstream-release-1.4.6-patch' into maistra-1.1
0b12b16 Dmitri Dolguikh Mon Mar 9 10:55:57 2020 -0700 Fixes MAISTRA-1226: added support for importPublicKey in lua filter (maistra#6)
e6e28d9 Dmitri Dolguikh Fri Feb 28 14:59:58 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#5)
7e50506 Dmitri Dolguikh Fri Feb 28 14:58:46 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#4)
7fe1986 Dmitri Dolguikh Fri Feb 28 14:57:44 2020 -0800 Fixes MAISTRA-1167: RetryHostPredicateFilter in protocol_integration_test suite passes now (maistra#3)
2c5d27e Dmitri Dolguikh Fri Feb 14 12:50:21 2020 -0800 Fixes MAISTRA-1167: //test/extensions/filters/listener/proxy_protocol:proxy_protocol_test is passing now (maistra#2)
7d0995a Dmitri Dolguikh Fri Feb 14 12:49:59 2020 -0800 Merge pull request maistra#1 from dmitri-d/fix-1168-certchain
ff116fa Dmitri Dolguikh Wed Feb 12 15:29:31 2020 -0800 Fixes MAISTRA-1168: added implementation of boringssl function SSL_get_peer_full_cert_chain
72c81ba Dmitri Dolguikh Tue Feb 11 16:27:50 2020 -0800 Updated jwt_verification_lib to the latest version
487d30c Dmitri Dolguikh Tue Feb 11 09:19:53 2020 -0800 Updated for maistra-1.1 release
071457c Dmitri Dolguikh Tue Feb 4 15:32:41 2020 -0800 updated to support openssl

Signed-off-by: Dmitri Dolguikh <[email protected]>

* Fixed failing tests
* Fixed failing tests
* Removed todos that have been completed
dmitri-d pushed a commit to dmitri-d/maistra-envoy that referenced this pull request on May 14, 2021

* Changes and fixes to support OpenSSL

8f2ed86 Tim Walsh Tue Mar 31 03:42:57 2020 +1000 Fix for dual certificate issue MAISTRA-1142 (maistra#10)
13d2925 Dmitri Dolguikh Thu Mar 26 14:00:00 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection, part 2 (maistra#11)
a939c3c Dmitri Dolguikh Wed Mar 25 14:22:39 2020 -0700 Fixes MAISTRA-1299: fix ASSERT failure and infinite loop when attempting to unset readDisable state on a closed connection (maistra#9)
09d777a Jonh Wendell Mon Mar 16 18:42:04 2020 -0400 Merge pull request maistra#8 from jwendell/MAISTRA-1275
362b623 Jonh Wendell Mon Mar 16 18:33:04 2020 -0400 MAISTRA-1275: Write "OpenSSL" into envoy --version
6110125 Dmitri Dolguikh Fri Mar 13 10:43:59 2020 -0700 Merge pull request maistra#7 from dmitri-d/maistra-1.1-upstream-release-1.4.6-patch
7f1eb1e Dmitri Dolguikh Thu Mar 12 16:19:25 2020 -0700 Removed no longer relevant comments from tls_inspector_test
8ccac21 Dmitri Dolguikh Thu Mar 12 10:49:01 2020 -0700 Fixing alpn detection in tls_inspector
cf0f50b Dmitri Dolguikh Thu Mar 12 14:10:23 2020 -0700 Updated bssl_wrapper to latest version
fac23c0 Dmitri Dolguikh Thu Mar 12 14:38:36 2020 -0700 Merge branch 'upstream-release-1.4.6-patch' into maistra-1.1
0b12b16 Dmitri Dolguikh Mon Mar 9 10:55:57 2020 -0700 Fixes MAISTRA-1226: added support for importPublicKey in lua filter (maistra#6)
e6e28d9 Dmitri Dolguikh Fri Feb 28 14:59:58 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#5)
7e50506 Dmitri Dolguikh Fri Feb 28 14:58:46 2020 -0800 added an explanation why DynamicOpentracingHttpTracer has been disabled (maistra#4)
7fe1986 Dmitri Dolguikh Fri Feb 28 14:57:44 2020 -0800 Fixes MAISTRA-1167: RetryHostPredicateFilter in protocol_integration_test suite passes now (maistra#3)
2c5d27e Dmitri Dolguikh Fri Feb 14 12:50:21 2020 -0800 Fixes MAISTRA-1167: //test/extensions/filters/listener/proxy_protocol:proxy_protocol_test is passing now (maistra#2)
7d0995a Dmitri Dolguikh Fri Feb 14 12:49:59 2020 -0800 Merge pull request maistra#1 from dmitri-d/fix-1168-certchain
ff116fa Dmitri Dolguikh Wed Feb 12 15:29:31 2020 -0800 Fixes MAISTRA-1168: added implementation of boringssl function SSL_get_peer_full_cert_chain
72c81ba Dmitri Dolguikh Tue Feb 11 16:27:50 2020 -0800 Updated jwt_verification_lib to the latest version
487d30c Dmitri Dolguikh Tue Feb 11 09:19:53 2020 -0800 Updated for maistra-1.1 release
071457c Dmitri Dolguikh Tue Feb 4 15:32:41 2020 -0800 updated to support openssl

Signed-off-by: Dmitri Dolguikh <[email protected]>

* Fixed failing tests
* Fixed failing tests
* Removed todos that have been completed
oschaaf pushed a commit that referenced this pull request on Oct 26, 2022

Signed-off-by: Ismo Puustinen <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 26, 2022

Commit Message: stream_idle_timer_ is armed to timeout the sending of the buffered response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below:

```
[2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c
[2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
[2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL
[2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28]
[2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200]
[2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98]
[2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058]
[2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30]
[2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69]
```

This change checks stream close in this case, so that the idle timer will not be armed for closed streams.

Risk Level: low
Testing: new unit test
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Dan Zhang <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 26, 2022

…2856)

`//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows:

```
==================== Test output for //test/integration:tcp_proxy_odcds_integration_test:
[==========] Running 24 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest
[ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0
[2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe().
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL
[2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267
[2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0
[2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0
[2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0
[2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0
[2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0
[2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0
[2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259
[2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925
[2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509
[2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0
[2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154
[2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508
[2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203
[2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485
[2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181
[2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0
================================================================================
```

This is due to the race described by envoyproxy/envoy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem.

Signed-off-by: Benjamin Peterson <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 26, 2022

This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:

```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
    #0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
    #1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
    #2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
    #4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
    #5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
    #6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
    #7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
    #9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
    #10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
    #11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)

0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
    #0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
    #2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
    #3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
    #4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
    #5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
    #6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
    #7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
    #8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
    #9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
    #10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
    #11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
    #12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
    #13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
    #14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
    #15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
    #16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
    #18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
    #19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
    #20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
    #21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
    #22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
    #23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
    #24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
    #25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```

To fix that, write all metadata frames at once.

Signed-off-by: Benjamin Peterson <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 27, 2022
Signed-off-by: Ismo Puustinen <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 27, 2022
Commit Message: stream_idle_timer_ is armed to time out the sending of the buffered response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below:

```
[2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c
[2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
[2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL
[2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28]
[2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200]
[2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98]
[2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058]
[2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30]
[2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69]
```

This change checks for stream close in this case, so that the idle timer will not be armed for closed streams.

Risk Level: low
Testing: new unit test
Docs Changes: N/A
Release Notes: N/A
Platform Specific Features: N/A

Signed-off-by: Dan Zhang <[email protected]>
oschaaf pushed a commit that referenced this pull request on Oct 27, 2022
…2856)

`//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows:

```
==================== Test output for //test/integration:tcp_proxy_odcds_integration_test:
[==========] Running 24 tests from 1 test suite.
[----------] Global test environment set-up.
[----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest
[ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0
[2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe().
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers):
[2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL
[2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267
[2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0
[2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0
[2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0
[2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0
[2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0
[2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0
[2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259
[2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925
[2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509
[2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0
[2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154
[2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508
[2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203
[2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485
[2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181
[2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0
================================================================================
```

This is due to the race described by envoyproxy/envoy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem.

Signed-off-by: Benjamin Peterson <[email protected]>
This fixes MAISTRA-1168.
The issue was that the OpenSSL call (SSL_get_peer_cert_chain) that we used to substitute for a BoringSSL one (SSL_get_peer_full_cert_chain) doesn't return a full certificate chain when called on the server: the client peer certificate needs to be retrieved separately (see https://www.openssl.org/docs/man1.1.0/man3/SSL_get_peer_cert_chain.html for more details). I added an implementation of SSL_get_peer_full_cert_chain that emulates BoringSSL behaviour.
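The server-side behaviour described above can be observed with a real handshake. The following is an added example, not code from this pull request: it uses Ruby's `openssl` binding, whose `peer_cert_chain` and `peer_cert` call `SSL_get_peer_cert_chain` and `SSL_get_peer_certificate`. The throwaway PKI, the helper names (`issue`, `context`, `peer_full_cert_chain`, `demo`) and the `server_side` argument are assumptions of the example.

```ruby
require "openssl"
require "socket"

# Constructed throwaway PKI: every key and certificate is generated at run time.
def issue(cn, key, issuer = nil, issuer_key = key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**62)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Each side presents [leaf, CA] and verifies its peer against the constructed CA.
def context(cert, key, ca)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  ctx.extra_chain_cert = [ca]
  ctx.cert_store = OpenSSL::X509::Store.new.tap { |store| store.add_cert(ca) }
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  ctx
end

# Leaf-first chain on both sides; server_side is supplied by the caller (assumption).
def peer_full_cert_chain(ssl, server_side)
  chain = ssl.peer_cert_chain || []   # SSL_get_peer_cert_chain
  return chain unless server_side     # on a client the leaf is already chain[0]
  leaf = ssl.peer_cert                # SSL_get_peer_certificate
  leaf ? [leaf] + chain : chain
end

def subjects(certs)
  certs.map { |cert| cert.subject.to_s }
end

def demo
  ca_key, srv_key, cli_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = issue("constructed-ca", ca_key, ca: true)
  srv = issue("constructed-server", srv_key, ca, ca_key)
  cli = issue("constructed-client", cli_key, ca, ca_key)
  s_io, c_io = UNIXSocket.pair
  server = OpenSSL::SSL::SSLSocket.new(s_io, context(srv, srv_key, ca))
  client = OpenSSL::SSL::SSLSocket.new(c_io, context(cli, cli_key, ca))
  accepting = Thread.new { server.accept }
  client.connect
  accepting.join
  { client_raw: subjects(client.peer_cert_chain),
    server_raw: subjects(server.peer_cert_chain || []),
    server_full: subjects(peer_full_cert_chain(server, true)) }
ensure
  [s_io, c_io].compact.each(&:close)
end

p demo if __FILE__ == $PROGRAM_NAME
```

Code that authorizes clients by walking the chain from index 0 would start at the CA rather than the client certificate if it consumed `server_raw` directly, which is why the leaf has to be prepended on the server.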