Skip to content

server: ignore more error kinds in incoming socket stream #1885

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tottoto merged 1 commit into from
Aug 29, 2024
Merged

server: ignore more error kinds in incoming socket stream #1885

tottoto merged 1 commit into from
Aug 29, 2024

Conversation

@djc
Copy link
Contributor

@djc djc commented Aug 23, 2024

As discussed in #1882 (comment).

cc @grembo

@djc djc mentioned this pull request Aug 23, 2024
Merged
@grembo
Copy link
Contributor

grembo commented Aug 23, 2024

Looks good to me. In theory, WouldBlock is already filtered in TcpStream, but having all the transient ones checked in the same place is better 👍

I wonder if it would be a good idea to add/move these checks to tokio/net in the long run (around https://github.com/tokio-rs/tokio/blob/master/tokio/src/net/tcp/listener.rs#L186, where it already handled WouldBlock).

@djc
Copy link
Contributor Author

djc commented Aug 23, 2024

I wonder if it would be a good idea to add/move these checks to tokio/net in the long run (around https://github.com/tokio-rs/tokio/blob/master/tokio/src/net/tcp/listener.rs#L186, where it already handled WouldBlock).

I could see why Tokio wouldn't want to be so opinionated -- WouldBlock is more clear-cut because that is part of the whole async stack.

grembo
grembo approved these changes Aug 26, 2024
View reviewed changes
Copy link
Contributor

@grembo grembo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, here's my approval.

zier-one
zier-one reviewed Aug 29, 2024
View reviewed changes
tonic/src/transport/server/incoming.rs
e.kind(),
io::ErrorKind::ConnectionAborted
| io::ErrorKind::Interrupted
| io::ErrorKind::WouldBlock
Copy link

@zier-one zier-one Aug 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
| io::ErrorKind::WouldBlock
| io::ErrorKind::WouldBlock
| io::ErrorKind::InvalidData

When we got a TLS handshake error, A InvalidData error will happen here. see: #1897

@zier-one zier-one mentioned this pull request Aug 29, 2024
Closed
@zier-one
Copy link

zier-one commented Aug 29, 2024
edited
Loading

Should we maybe add more tests about TLS? It is really a critical bug that the server process exits when a TLS handshake error happened. Clients can easily perform denial-of-service attacks.

@djc djc requested a review from tottoto August 29, 2024 08:26
@djc
Copy link
Contributor Author

djc commented Aug 29, 2024

Might be nice to get this into 0.12.3.

@tottoto tottoto added this pull request to the merge queue Aug 29, 2024
Merged via the queue into master with commit a4472a8 Aug 29, 2024
@tottoto tottoto deleted the accept-ignore branch August 29, 2024 11:40
@lap1nou
Copy link

lap1nou commented Sep 28, 2024
edited
Loading

Should we maybe add more tests about TLS? It is really a critical bug that the server process exits when a TLS handshake error happened. Clients can easily perform denial-of-service attacks.

Hello,

Sorry to intervene in that merged PR, but shouldn't that bug have it's own CVE number ? I encountered that bug while developping my application and indeed this seems like a nice primitive to crash any gRPC TLS server running Tonic 0.12.2 (or less ?).

Regards.

@LucioFranco
Copy link
Member

LucioFranco commented Oct 1, 2024

Its been published as a GHSA-4jwc-w2hc-78qv and is a low sev CVE. RustSec PR will follow.

@krispraws krispraws mentioned this pull request Oct 10, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tottoto tottoto tottoto approved these changes

+2 more reviewers

@zier-one zier-one zier-one left review comments

@grembo grembo grembo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@djc @grembo @zier-one @lap1nou @LucioFranco @tottoto