Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/7.0] Fix disposing root X.509 certificate prematurely for OCSP stapling #82277

Merged
merged 6 commits into from
Mar 9, 2023
Merged

[release/7.0] Fix disposing root X.509 certificate prematurely for OCSP stapling #82277

merged 6 commits into from
Mar 9, 2023

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Feb 17, 2023
edited by karelz
Loading

Backport of #82116 to release/7.0
Fixes #81964

/cc @bartonjs @vcsjones

Customer Impact

Reported by a customer in #81964. In .NET 7, OCSP server stapling support was added for Linux. Customers that use a certificate chain that has exactly two certificates, including the root, will receive a segfault and the .NET process will crash due to incorrect management of the lifetime of an X.509 certificate when attempting to query the OCSP responder.

This change correctly handles certificate chains with two elements. Additionally, guards were introduced to correctly handle certificates that are in an invalid state.

Testing

Tests were introduced to cover the two certificate element chains.

Risk

Low. The changes are isolated and well understood, and tested.

Closes #81964

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

@vcsjones
Add failing tests for two-element OCSP stapling
eb5bc64
@vcsjones
Do not dispose of root certificate when it is used.
03d4c11 
This defers disposal of the root certificate when it might be needed for OCSP staple fetching.
Before this change, the root certificate would get disposed, giving it a null handle. We would then
use this null handle when attempting to build an OCSP request, which OpenSSL would null-deref.

For platforms that don't need the root certificate, they dispose of it.
@vcsjones
Add defense-in-depth so we don't null deref in native code.
98c9559 
Even though we've fixed the null pointer being passed now, add some defenses so that if we are somehow given a null handle some time in the future, we skip OCSP stapling instead of null derefing in native code.
@vcsjones
Dispose of intermediate authorities
c1a6949
@vcsjones
Code review feedback
f9f5694
@ghost
Copy link

ghost commented Feb 17, 2023

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Backport of #82116 to release/7.0

/cc @bartonjs @vcsjones

Customer Impact

Testing

Risk

IMPORTANT: Is this backport for a servicing release? If so and this change touches code that ships in a NuGet package, please make certain that you have added any necessary package authoring and gotten it explicitly reviewed.

Author: github-actions[bot]
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

This was referenced Feb 17, 2023
Closed
Closed
@bartonjs
Copy link
Member

/azp run runtime-libraries-coreclr outerloop-linux

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@build-analysis build-analysis bot mentioned this pull request Feb 17, 2023
Open
2 tasks
@bartonjs bartonjs added the Servicing-consider Issue for next servicing release review label Feb 17, 2023
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Feb 23, 2023
@rbhanda rbhanda added this to the 7.0.5 milestone Feb 23, 2023
@vcsjones vcsjones mentioned this pull request Mar 8, 2023
Closed
1 task
@carlossanlop
Copy link
Member

Seeing some weird failure related to servicing versions:

src/native/corehost/corehost.proj(92,5): error MSB3073:
(NETCORE_ENGINEERING_TELEMETRY=Build)
The command ""/Users/runner/work/1/s/src/native/corehost/build.sh" Debug x64
 -apphostver "7.0.4" -hostver "7.0.4" -fxrver "7.0.4" -policyver "7.0.4"
 -commithash "80a6889b30dd0df92f71cb9c9beeb4bf5703c44b" -os OSX -cmakeargs
 "-DVERSION_FILE_PATH=/Users/runner/work/1/s/artifacts/obj/_version.c"
 -runtimeflavor coreclr -outputrid osx-x64" exited with code 1.

Rebasing since I already merged the branding PR and a few dependency flow PRs. Let's see if that makes the error goes away.

@carlossanlop
Copy link
Member

The failures look unrelated.

@carlossanlop carlossanlop merged commit 3bfe479 into release/7.0 Mar 9, 2023
@carlossanlop carlossanlop deleted the backport/pr-82116-to-release/7.0 branch March 9, 2023 01:24
@build-analysis build-analysis bot mentioned this pull request Mar 9, 2023
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Apr 8, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees
No one assigned
Labels
area-System.Net.Security Servicing-approved Approved for servicing release
Projects
None yet
Milestone
7.0.5
Development

Successfully merging this pull request may close these issues.
4 participants
@bartonjs @carlossanlop @rbhanda @vcsjones