Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-3031

Race condition in SSLNextProtocolSet::advertiseProtocols

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 5.1.0
    • Core, SSL
    • None

    Description

      We've observed a bug in a production environment where clients would receive malformed NPN sets. This is caused by a race condition in SSLNextProtocolSet::advertiseProtocols:

       if (!npn && !this->endpoints.empty()) {    
         create_npn_advertisement(this->endpoints, &npn, &npnsz);
       }
      

      Obviously this code is attempting to initailize the npn offer string on the first SSL request to that port, this is a race condition. I have a fix that will be committed today.

      Attachments

        Issue Links

          Activity

            People

              briang Brian Geffon
              briang Brian Geffon
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: