contiki-ng / tinydtls

A version of tinyDTLS that is refactored to be more easy to use "standalone" (e.g. without bindings to a specific IP-stack).

Infinite loop during handshake for TinyDTLS #22

Open jerrytesting opened 2 years ago

jerrytesting commented 2 years ago

Until TinyDTLS, an infinite loop bug had been found while handling the ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd cipher suites length, which triggers an infinite loop until all resources are consumed, and a buffer over-read that discloses sensitive information.

Suppose you have a malicious ClientHello message with the following values for the mentioned fields:

  1. Cipher Suites Length is an odd number like 3 (this is a malicious number)
  2. Two cipher suites, whose length is 4 bytes
  3. Extension Length whose length is not zero, like 26 bytes

After handling this message in the normal way, as the following stack trace shows, we enter the function dtls_update_parameters() at dtls.c:1024.

  1. 0x4e2b02 in dtls_update_parameters /home/etinydtls/dtls.c:1024:22
  2. 0x4e2b02 in handle_handshake_msg /home/etinydtls/dtls.c:3403:11
  3. 0x4cb1ce in handle_handshake /home/etinydtls/dtls.c:3493:14
  4. 0x4cb1ce in dtls_handle_message /home/etinydtls/dtls.c:3881:13
  5. 0x4c4efc in dtls_handle_read /home/etinydtls/tests/dtls-server.c:177:10
  6. 0x4c4efc in main /home/etinydtls/tests/dtls-server.c:352:2
  7. 0x7fb176ab10b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
  8. 0x41c45d in _start (/home/etinydtls/tests/dtls-server+0x41c45d)

When coming to dtls.c:1024 in the function dtls_update_parameters(), variable i is assigned an int value, which stands for the total cipher suites length, 3 in this message. After that, the condition data_length < i + sizeof(uint16) cannot reject this packet, as 4+26 < 3+2 is not satisfied. Hence, we come to the loop of confirming suites at dtls.c:1024, where i is decreased by 2 in each iteration. The loop exit condition includes (i == 0), while the initial value of i is 3, so this condition will never be satisfied. Unfortunately, the DTLS server loops forever with an unreachable exit condition.
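As an added illustration (not code from this issue or from tinydtls), the C below models the termination reasoning in the report and shows a length check that rejects such a cipher suite list before any loop runs: the list length must be even, non-zero, and must fit inside the remaining data. The two cipher suite IDs and the surrounding bytes are constructed sample values; model_original_loop and parse_cipher_suites are hypothetical names and not tinydtls functions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: the bytes following the session-id field of a
 * ClientHello, i.e. cipher_suites_length (2 bytes), the suite list, then
 * compression_methods_length and one compression method. Not a capture. */
static const uint8_t sample_malformed[] = {
  0x00, 0x03,             /* cipher suites length = 3 (odd: can never reach 0 in steps of 2) */
  0xC0, 0xA8,             /* TLS_PSK_WITH_AES_128_CCM_8 */
  0xC0, 0xAE,             /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */
  0x01, 0x00              /* compression methods: length 1, null */
};
static const uint8_t sample_good[] = {
  0x00, 0x04,             /* cipher suites length = 4 */
  0xC0, 0xA8,
  0xC0, 0xAE,
  0x01, 0x00
};

/* Models the loop shape described in the report: i starts at the advertised
 * cipher suites length and is decremented by 2 until it is exactly 0. An
 * iteration budget stands in for the original's unbounded loop so this
 * model always returns. Returns the number of iterations taken, or -1 if
 * the exit condition (i == 0) was not reached within the budget. */
int model_original_loop(int suites_len, int budget) {
  int i = suites_len;
  int iterations = 0;
  while (i != 0) {          /* only exit: i == 0 */
    if (iterations >= budget) return -1;
    iterations++;
    i -= 2;                 /* one 2-byte suite consumed per pass */
  }
  return iterations;
}

/* Hardened parse: validates the length field before iterating.
 * data points at cipher_suites_length; data_length is the bytes remaining.
 * Returns the number of suites written to out[], or -1 if malformed. */
int parse_cipher_suites(const uint8_t *data, size_t data_length,
                        uint16_t *out, size_t max_out) {
  if (data_length < 2) return -1;                       /* no length field */
  size_t len = ((size_t)data[0] << 8) | data[1];
  if (len == 0 || (len & 1) != 0) return -1;            /* must be even and non-zero */
  if (len > data_length - 2) return -1;                 /* list must fit in the record */
  size_t n = len / 2;
  if (n > max_out) return -1;                           /* caller's buffer bound */
  for (size_t k = 0; k < n; k++) {
    out[k] = (uint16_t)((data[2 + 2 * k] << 8) | data[3 + 2 * k]);
  }
  return (int)n;
}

/* Returns 1 if the well-formed sample parses to the two expected suites. */
int check_good_sample(void) {
  uint16_t suites[8];
  int n = parse_cipher_suites(sample_good, sizeof sample_good, suites, 8);
  return n == 2 && suites[0] == 0xC0A8 && suites[1] == 0xC0AE;
}

/* Returns the parser's verdict on the odd-length sample (expected: -1). */
int check_malformed_sample(void) {
  uint16_t suites[8];
  return parse_cipher_suites(sample_malformed, sizeof sample_malformed, suites, 8);
}

int main(void) {
  printf("loop model, length 4: %d iterations\n", model_original_loop(4, 64));
  printf("loop model, length 3: %d (never reached i == 0)\n", model_original_loop(3, 64));
  printf("parse good sample: %s\n", check_good_sample() ? "ok" : "FAIL");
  printf("parse odd-length sample: %d (rejected)\n", check_malformed_sample());
  return 0;
}
```

The model loop returns 2 for a length of 4 and -1 for a length of 3, which is the report's point: with an odd starting value, decrementing by 2 skips over 0. The parser rejects the same input up front, so the question of loop termination never arises; the remaining-data check also prevents the over-read the report mentions.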

boaks commented 5 months ago

See eclipse/tinydtls issue #97