Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1816

HTTPS connection abruptly closed by HttpServerConnection

    XMLWordPrintable

Details

    • Hide

      -Either curl reproduces:

      curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure -X POST
curl -v -H "Expect: 100-continue" https://localhost:8443/app/ --insecure
      Show
      -Either curl reproduces: curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure -X POST curl -v -H "Expect: 100- continue " https: //localhost:8443/app/ --insecure
    • Workaround Exists
    • Hide

      -Add a http-continue-accept filter

              <subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" redirect-socket="https"/>
                <host name="default-host" alias="localhost">
                    <location name="/" handler="welcome-content"/>
                    <filter-ref name="server-header"/>
                    <filter-ref name="x-powered-by-header"/>
                    <!-- added -->
                    <filter-ref name="continue"/>
                </host>
            </server>
            <servlet-container name="default">
                <jsp-config/>
                <websockets/>
           </servlet-container>
           <handlers>
                <file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
            </handlers>
            <filters>
                <response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
                <response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
                <!-- added -->
                <expression-filter name="continue" expression="http-continue-accept"/>
            </filters>
        </subsystem>
      Show
      -Add a http-continue-accept filter <subsystem xmlns= "urn:jboss:domain:undertow:3.1" > <buffer-cache name= " default " /> <server name= " default -server" > <http-listener name= " default " socket-binding= "http" redirect-socket= "https" /> <host name= " default -host" alias= "localhost" > <location name= "/" handler= "welcome-content" /> <filter-ref name= "server-header" /> <filter-ref name= "x-powered-by-header" /> <!-- added --> <filter-ref name= " continue " /> </host> </server> <servlet-container name= " default " > <jsp-config/> <websockets/> </servlet-container> <handlers> <file name= "welcome-content" path= "${jboss.home.dir}/welcome-content" /> </handlers> <filters> <response-header name= "server-header" header-name= "Server" header-value= "JBoss-EAP/7" /> <response-header name= "x-powered-by-header" header-name= "X-Powered-By" header-value= "Undertow/1" /> <!-- added --> <expression-filter name= " continue " expression= "http- continue -accept" /> </filters> </subsystem>
    • Undefined

    Description

      If a GET or POST with no body is sent via HTTPS with an Expect: 100-continue header, then it is silently closed with no response. Tracing clarifies this is from HttpServerConnection.terminateRequestChannel so relates to the CVE-2020-10705 fix:

      TRACE [io.undertow.request.io] (default task-3) Exception closing read side of SSL channel: javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
	at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1542)
	at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:628)
	at io.undertow.protocols.ssl.SslConduit.terminateReads(SslConduit.java:219)
	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
	at org.xnio.conduits.AbstractSourceConduit.terminateReads(AbstractSourceConduit.java:42)
	at org.xnio.conduits.ConduitStreamSourceChannel.close(ConduitStreamSourceChannel.java:168)
	at org.xnio.IoUtils.safeClose(IoUtils.java:152)
	at io.undertow.server.protocol.http.HttpServerConnection.terminateRequestChannel(HttpServerConnection.java:149)

      A plain HTTP connection still gives a response.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-20398 [GSS](7.3.z) UNDERTOW-1816 - HTTPS connection abruptly closed by HttpServerConnection

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              spyrkob Bartosz Spyrko-Smietanko
              spyrkob Bartosz Spyrko-Smietanko
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: