Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-20398

[GSS](7.3.z) UNDERTOW-1816 - HTTPS connection abruptly closed by HttpServerConnection

XMLWordPrintable

    • False
    • False
    • +
    • Undefined
    • Workaround Exists
    • Hide

      -Add a http-continue-accept filter

              <subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" redirect-socket="https"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                    <!-- added -->
                    <filter-ref name="continue"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
           </servlet-container>
           <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
                <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
                <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
                <!-- added -->
                <expression-filter name="continue" expression="http-continue-accept"/>
            </filters>
        </subsystem>
      Show
      -Add a http-continue-accept filter <subsystem xmlns= "urn:jboss:domain:undertow:3.1" > <buffer-cache name= " default " /> <server name= " default -server" > <http-listener name= " default " socket-binding= "http" redirect-socket= "https" /> <host name= " default -host" alias= "localhost" > <location name= "/" handler= "welcome-content" /> <filter-ref name= "server-header" /> <filter-ref name= "x-powered-by-header" /> <!-- added --> <filter-ref name= " continue " /> </host> </server> <servlet-container name= " default " > <jsp-config/> <websockets/> </servlet-container> <handlers> <file name= "welcome-content" path= "${jboss.home.dir}/welcome-content" /> </handlers> <filters> <response-header name= "server-header" header-name= "Server" header-value= "JBoss-EAP/7" /> <response-header name= "x-powered-by-header" header-name= "X-Powered-By" header-value= "Undertow/1" /> <!-- added --> <expression-filter name= " continue " expression= "http- continue -accept" /> </filters> </subsystem>
    • Hide

      -Either curl reproduces:

      curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure -X POST
curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure
      Show
      -Either curl reproduces: curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure -X POST curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure

      If a GET or POST with no body is sent via HTTPS with an Expect: 100-continue header, then it is silently closed with no response. Tracing clarifies this is from HttpServerConnection.terminateRequestChannel so relates to the CVE-2020-10705 fix:

      TRACE [io.undertow.request.io] (default task-3) Exception closing read side of SSL channel: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
	at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1542)
	at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:628)
	at io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:219)
	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
	at org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSourceChannel.java:168)
	at org.xnio.IoUtils.safeClose(IoUtils.java:152)
	at io.undertow.server.protocol.http.HttpServerConnection.terminateRequestChannel(HttpServerConnection.java:149)

      A plain HTTP connection still gives a response.

            spyrkob Bartosz Spyrko-Smietanko
            rhn-support-aogburn Aaron Ogburn
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: