Opened 6 weeks ago

Last modified 6 weeks ago

#7894 new defect

SChannel TLS implementation bug

Reported by: Adion Owned by:
Priority: normal Component: avformat
Version: git-master Keywords: schannel tls
Cc: Blocked By:
Blocking: Reproduced by developer: no
Analyzed by developer: no

Description

There's a bug in tls_schannel.c that prevents rtmps to work correctly when using this tls implementation. (It hangs in an infinite loop in tcp_read)
It is present in ffmpeg v4.1.3 and at this time is also still present in master.

The problem is in tls_read, when only a subset of the data returned by the server is requested.
First data is read from the server into c->enc_buf.
Next the data is decoded, but data is only encoded until enough data is decoded to fulfill the read request.
In the case of SECBUFFER_EXTRA, there may still be undecoded data in enc_buf when the loop stops and the data is returned.

On the next call to tls_read, there is not enough data in the decoded buffer, so it requests more data from the tcp layer, but this never comes as the data is already there, just not decoded yet.

I fixed it by decoding all the data before returning. Another way would be to check if there is still undecoded data in the encode data on the next request and decode it at that time.

I changed

while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK && c->dec_buf_offset < len) {

to

while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK) {

Related to this, I found it odd that by default there is no timeout specified, is this normal?

Change History (1)

comment:1 Changed 6 weeks ago by cehoyos

Please send your patch - made with git format-patch - to the FFmpeg development mailing list.

Note: See TracTickets for help on using tickets.