View Issue Details

IDProjectCategoryView StatusLast Update
0004406unrealircdpublic2015-09-04 11:20
ReporterEmanAssigned Tosyzop 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
PlatformLinuxOSScientific LinuxOS Version6.7
Product Version3.4-beta3 
Target VersionFixed in Version3.4-beta4 
Summary0004406: I/O engine DoS
Descriptionentire ircd freezes while ssl client waits for ssl certificate verification.
Steps To Reproducei used mirc for this: connect to server on ssl port with certificate that causes security alert to pop up, during this time the ircd is totally frozen for other clients and across the network.

Additional Informationmessages logged on server:
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- Exiting ssl client [@192.168.10.100.2023]: SSL_accept(): Success
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- *** WARNING: Slow I/O engine or high load: fd_select() took 60270 ms! read_callbacks=1, write_callbacks=0
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- *** WARNING: Time jumped ~61 seconds ahead! (1441063824 -> 1441063885)
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- *** Incorrect time for IRC servers is a serious problem. Time being adjusted (either by TSCTL or by resetting the clock) more than a few seconds forward/backward can lead to serious issues.
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- *** Please be sure your clock is always synchronized before the IRCd is started or use the built-in timesynch feature.
[2015/08/31 - 7:31:23PM] -alderaan.r-type.ca- *** [TimeShift] Resetting some timers!
TagsNo tags attached.
3rd party modules

Activities

syzop

2015-09-01 09:26

administrator   ~0018663

Hmmm, strange. I can't reproduce it, trying what you describe:
1) Connect mIRC, I'm using version 7.41 and $sslversion is 1.0.1.12.
2) I get a Security alert... with OK / CANCEL (and option to automatically accept)

Then I try to connect another client, which goes fine. No delay. No message in log.

I believe you when you say you are experiencing this and it sounds like a real serious issue, so hope I can reproduce it with some more help.

Maybe you use a different mIRC version / SSL version combination, if so.. which ?

You connect directly to an SSL port? (so +XXXX or -e ....) or do you use STARTTLS?

Is your server located on a LAN or the Internet? (may impact things like add some delay and thus different processing of packets)

I'm using Debian 8.1, OpenSSL 1.0.1k 8 Jan 2015

Thanks!

Eman

2015-09-01 22:34

reporter   ~0018664

just realized i was still using a slightly outdated build, am still able to cause this on rev: f44ad7e6084436cfd8fdc8d817c92f25d305f68d

server is using a 32bit os

server /version:
[2015/09/01 - 4:33:15PM] Unreal3.4-beta2. alderaan.r-type.ca Fhin6OoEM [Linux buildhost 2.6.32-504.16.2.el6.i686 #1 SMP Tue Apr 21 10:34:36 CDT 2015 i686=2351]
[2015/09/01 - 4:33:15PM] -alderaan.r-type.ca- OpenSSL 1.0.1e-fips 11 Feb 2013
[2015/09/01 - 4:33:15PM] -alderaan.r-type.ca- libcurl/7.28.0 OpenSSL/1.0.1e zlib/1.2.3 c-ares/1.10.0 libidn/1.18
[2015/09/01 - 4:33:15PM] UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=10 CHANLIMIT=#:10 MAXLIST=b:60,e:60,I:60 MAXNICKLEN=30 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 are supported by this server
[2015/09/01 - 4:33:15PM] MAXTARGETS=20 WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,k,l,psmntirzMQNRTOVKDdGPZSCc NETWORK=R-TypeNet CASEMAPPING=ascii EXTBAN=~,SOcaRrnqj ELIST=MNUCT are supported by this server
[2015/09/01 - 4:33:15PM] STATUSMSG=~&@%+ EXCEPTS INVEX CMDS=USERIP,STARTTLS,KNOCK,DCCALLOW,MAP are supported by this server

client: mirc 7.32, ssl in mirc is 1.0.1c, connecting directly to port 6697, which is marked ssl in the config. this is a local server on my lan.

Eman

2015-09-01 22:54

reporter   ~0018665

i have just confirmed that this also occurs on the 64bit build of the same os

syzop

2015-09-02 09:40

administrator   ~0018666

Last edited: 2015-09-02 09:42

View 2 revisions

Tried again, but no luck unfortunately:
* installed and used mIRC 7.32 w/1.0.1c (SAME as yours)
* using SSL port, no STARTTLS (SAME)
* server on LAN (SAME)
* latest version f44ad7e6084436cfd8fdc8d817c92f25d305f68d (SAME?)
* OpenSSL 1.0.1k (DIFFERENT, yours is 1.0.1e)

I'm a bit confused by the /VERSION output you pasted. It says 3.4-beta2 but you say you are using f44ad7e6084436cfd8fdc8d817c92f25d305f68d which is the very latest git version and should show up as beta3.

Is it just an old paste (from before you upgraded) or was the 3.4-beta3 update indeed not actually installed / effective?

Eman

2015-09-03 12:21

reporter   ~0018668

so i erased everything from the user account im using to test 3.4, recompiled directly from latest git (https://github.com/unrealircd/unrealircd/archive/f44ad7e6084436cfd8fdc8d817c92f25d305f68d.zip), /version is still coming up as 3.4 beta 2

syzop

2015-09-03 18:50

administrator   ~0018669

I see, I forgot to run a command indeed (autogen) -- doesn't matter.

So you're using the same version too, you test the same way I do (as discussed on IRC).

Could you attach your unrealircd.conf (or more if you have split it up), or send them to syzop@vulnscan.org
Please xx out any passwords or other sensitive info like IP's.

That would be my last try though. If then I can still not reproduce then I can only ask for shell access to debug, as it's not reproducible here.

Thanks,

Bram.

Eman

2015-09-04 03:35

reporter   ~0018670

configuration file attached

syzop

2015-09-04 10:39

administrator   ~0018671

Last edited: 2015-09-04 11:15

View 2 revisions

Thanks, with your configuration file I can reproduce it 100% :)

EDIT: Strange, and now I can also reproduce it with my own config. Ah well. Happy I can reproduce it now.

syzop

2015-09-04 11:17

administrator   ~0018672

Declassified.

syzop

2015-09-04 11:20

administrator   ~0018673

Thanks for the report and all your help/patience :)
Still don't understand why I couldn't reproduce it earlier, tried numerous times.. maybe something SSL-client/DLL related as the server didn't change.
Doesn't matter anymore, the issue is fixed now.

https://github.com/unrealircd/unrealircd/commit/03616cb85377c954153f9a6bf3d77f562057335b

Author: Bram Matthys <syzop@vulnscan.org>
Date: Fri Sep 4 11:14:06 2015 +0200

    Fix UnrealIRCd hanging on SSL clients, thus freezing the IRCd. Reported by Eman (0004406).

Issue History

Date Modified Username Field Change
2015-09-01 01:44 Eman New Issue
2015-09-01 09:26 syzop Note Added: 0018663
2015-09-01 09:26 syzop Assigned To => syzop
2015-09-01 09:26 syzop Status new => feedback
2015-09-01 22:34 Eman Note Added: 0018664
2015-09-01 22:54 Eman Note Added: 0018665
2015-09-02 09:40 syzop Note Added: 0018666
2015-09-02 09:42 syzop Note Edited: 0018666 View Revisions
2015-09-03 12:21 Eman Note Added: 0018668
2015-09-03 18:50 syzop Note Added: 0018669
2015-09-04 03:34 Eman File Added: unrealircd.conf
2015-09-04 03:35 Eman Note Added: 0018670
2015-09-04 10:39 syzop Note Added: 0018671
2015-09-04 10:39 syzop Status feedback => confirmed
2015-09-04 11:15 syzop Note Edited: 0018671 View Revisions
2015-09-04 11:17 syzop File Deleted: unrealircd.conf
2015-09-04 11:17 syzop Note Added: 0018672
2015-09-04 11:17 syzop View Status private => public
2015-09-04 11:20 syzop Note Added: 0018673
2015-09-04 11:20 syzop Status confirmed => resolved
2015-09-04 11:20 syzop Fixed in Version => 3.4-beta4
2015-09-04 11:20 syzop Resolution open => fixed