Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
5.12.2, 5.12.3, 5.12.4, 5.12.5, 5.12.6, 5.12.7, 5.12.8, 5.13.0, 5.13.1, 5.13.2, 5.14.0, 5.14.1, 5.14.2
-
None
-
8907635da59c2ae0e8db01f27b24a841b830e655 (qt/qtbase/5.15) 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb (qt/qtbase/5.15) 36a8bdbc8417506513207daf4f36533a3d6632f3 (qt/tqtc-qtbase/5.12)
Description
In https://code.qt.io/cgit/qt/qtbase.git/commit/?id=93a803a6de27d9eb57931c431b5f3d074914f693 Qt incorrectly calls SSL_shutdown() in OpenSSL mid-handshake and the resulting error is not handled. This affects all versions >= 5.12.2.
Additionally, there appears to be another issue that causes Qt to emit error() from unrelated QSslSocket(s). This means that closing a connection early will terminate other TLS connections leading to an extremely simple and effective denial of service attack in programs that use Qt's TLS implementation. For example, see this issue report for Mumble: https://github.com/mumble-voip/mumble/issues/3679
For correct usage of OpenSSL, see how NGINX handles this: https://github.com/nginx/nginx/blob/65ae8b315211988a821bdc32050768f41571ddae/src/event/ngx_event_openssl.c#L2732-L2824
Attachments
For Gerrit Dashboard: QTBUG-83450 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
296905,8 | OpenSSL: handle SSL_shutdown's errors properly | 5.15 | qt/qtbase | Status: MERGED | +2 | 0 |
297147,6 | OpenSSL: handle SSL_shutdown's errors properly | 5.14 | qt/qtbase | Status: MERGED | +2 | 0 |
297149,3 | OpenSSL: handle SSL_shutdown's errors properly | 5.12 | qt/qtbase | Status: MERGED | +2 | 0 |