[Mono-bugs] [Bug 76254][Nor] Changed - Infinite loop entered on server during SSL handshake.

bugzilla-daemon at bugzilla.ximian.com
Wed Jan 18 09:19:21 EST 2006


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by imoir at templetech.com.

http://bugzilla.ximian.com/show_bug.cgi?id=76254

--- shadow/76254	2006-01-03 14:12:12.000000000 -0500
+++ shadow/76254.tmp.13574	2006-01-18 09:19:21.000000000 -0500
@@ -139,6 +139,64 @@
 IPTest.tgz - Files needed to reproduce the bug ( that actually work )
 
 
 ------- Additional Comments From imoir at templetech.com  2006-01-03 14:12 -------
 The attachment dated "09/28/05 02:32" is bad, please do not use it. 
 Use the "01/03/06 14:03" attachment instead.
+
+------- Additional Comments From imoir at templetech.com  2006-01-18 09:19 -------
+A colleague of mine, Brian Kroeker, has come up with a partial
+solution to this bug. It will interrupt the infinite loop if the
+client closes the socket during the handshake. While this seems to fix
+the particular situation we are seeing, this change will not protect
+against a client that just stops the handshake process without closing
+the socket.
+
+The following diff is applied to
+mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+from the 1.1.12.1 version release of Mono.
+
+--- SslServerStream.cs  2006-01-18 06:44:20.000000000 -0700
++++
+mono-1.1.12.1/mcs/class/Mono.Security/Mono.Security.Protocol.Tls/SslServerStream.cs
+2005-10-06 07:42:03.000000000 -0600
+@@ -184,12 +184,11 @@
+
+                        // Receive Client Hello message
+                        return
+this.protocol.BeginReceiveRecord(this.innerStream, callback, state);
++
+                }
+
+                internal override void
+OnNegotiateHandshakeCallback(IAsyncResult asyncResult)
+                {
+-                       byte[] temp;
+-
+                        // Receive Client Hello message and ignore it
+                        this.protocol.EndReceiveRecord(asyncResult);
+
+@@ -230,15 +229,7 @@
+                        // is received
+                        while (this.context.LastHandshakeMsg !=
+HandshakeType.Finished)
+                        {
+-                               temp =
+this.protocol.ReceiveRecord(this.innerStream);
+-                               if(temp == null || temp.Length == 0)
+-                                {
+-                                       System.Console.WriteLine("Got
+0 length or null message!!!!!");
+-
+-                                       throw new TlsException(
+-                                              
+AlertDescription.BadCertificate,
+-                                               "No certificate
+received from client. Zero length message");
+-                               }
++                              
+this.protocol.ReceiveRecord(this.innerStream);
+                        }
+
+                        if (certRequested &&
+(this.context.ClientSettings.ClientCertificate == null))
+
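Review bot: the zero-length check in the second SslServerStream.cs hunk (`if(temp == null || temp.Length == 0)`) raises `AlertDescription.BadCertificate` with the message "No certificate received from client", yet what it tests is a null or empty record from `ReceiveRecord`, which the comment above attributes to the client closing the socket during the handshake. An alert and message that describe the closed connection would keep an aborted handshake from being reported as a certificate failure, and the `System.Console.WriteLine("Got 0 length or null message!!!!!")` debug line should be dropped before this is committed. The patch also reads in reverse: its `---` side is the edited file dated 2006-01-18 and its `+++` side is the mono-1.1.12.1 release file dated 2005-10-06, so the lines marked `-` are the proposed additions; regenerating it from original to modified would avoid it being applied backwards. As the comment itself says, the `while (this.context.LastHandshakeMsg != HandshakeType.Finished)` loop still has no bound for a client that stalls with the socket open, so a read timeout or handshake deadline is needed to cover that case.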