Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20398

[GSS](7.3.z) UNDERTOW-1816 - HTTPS connection abruptly closed by HttpServerConnection

XMLWordPrintable

    • False
    • False
    • +
    • Undefined
    • Workaround Exists
    • Hide

      -Add a http-continue-accept filter

              <subsystem xmlns="urn:jboss:domain:undertow:3.1">
                  <buffer-cache name="default"/>
                  <server name="default-server">
                      <http-listener name="default" socket-binding="http" redirect-socket="https"/>
                      <host name="default-host" alias="localhost">
                          <location name="/" handler="welcome-content"/>
                          <filter-ref name="server-header"/>
                          <filter-ref name="x-powered-by-header"/>
                          <!-- added -->
                          <filter-ref name="continue"/>
                      </host>
                  </server>
                  <servlet-container name="default">
                      <jsp-config/>
                      <websockets/>
                 </servlet-container>
                 <handlers>
                      <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
                  </handlers>
                  <filters>
                      <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
                      <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
                      <!-- added -->
                      <expression-filter name="continue" expression="http-continue-accept"/>
                  </filters>
              </subsystem>
      
      Show
      -Add a http-continue-accept filter <subsystem xmlns= "urn:jboss:domain:undertow:3.1" > <buffer-cache name= " default " /> <server name= " default -server" > <http-listener name= " default " socket-binding= "http" redirect-socket= "https" /> <host name= " default -host" alias= "localhost" > <location name= "/" handler= "welcome-content" /> <filter-ref name= "server-header" /> <filter-ref name= "x-powered-by-header" /> <!-- added --> <filter-ref name= " continue " /> </host> </server> <servlet-container name= " default " > <jsp-config/> <websockets/> </servlet-container> <handlers> <file name= "welcome-content" path= "${jboss.home.dir}/welcome-content" /> </handlers> <filters> <response-header name= "server-header" header-name= "Server" header-value= "JBoss-EAP/7" /> <response-header name= "x-powered-by-header" header-name= "X-Powered-By" header-value= "Undertow/1" /> <!-- added --> <expression-filter name= " continue " expression= "http- continue -accept" /> </filters> </subsystem>
    • Hide

      -Either curl reproduces:

      curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure -X POST
      curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure
      
      Show
      -Either curl reproduces: curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure -X POST curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure

      If a GET or POST with no body is sent via HTTPS with an Expect: 100-continue header, then it is silently closed with no response. Tracing clarifies this is from HttpServerConnection.terminateRequestChannel so relates to the CVE-2020-10705 fix:

      TRACE [io.undertow.request.io] (default task-3) Exception closing read side of SSL channel: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
      	at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1542)
      	at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:628)
      	at io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:219)
      	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
      	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
      	at org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSourceChannel.java:168)
      	at org.xnio.IoUtils.safeClose(IoUtils.java:152)
      	at io.undertow.server.protocol.http.HttpServerConnection.terminateRequestChannel(HttpServerConnection.java:149)
      

      A plain HTTP connection still gives a response.

              spyrkob Bartosz Spyrko-Smietanko
              rhn-support-aogburn Aaron Ogburn
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: