Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SslStream tests show use after dispose handle in System.Net.Security.SecureChannel.GenerateToken #47195

Closed
hoyosjs opened this issue Jan 19, 2021 · 9 comments
Closed

SslStream tests show use after dispose handle in System.Net.Security.SecureChannel.GenerateToken #47195

hoyosjs opened this issue Jan 19, 2021 · 9 comments
Labels
area-System.Net.Security os-windows test-run-core Test failures in .NET Core test runs
Milestone
7.0.0

Comments

@hoyosjs
Copy link
Member

hoyosjs commented Jan 19, 2021
edited
Loading

Description

Seen on Windows x86 on SslStream_ClientSendsSNIServerReceives_Ok. There's a use after dispose case on a handle provided by SSPI

System.ObjectDisposedException : Safe handle has been closed.\r\nObject name: 'SafeHandle'
   at System.Runtime.InteropServices.SafeHandle.InternalRelease(Boolean disposeOrFinalizeOperation) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 201
   at System.Runtime.InteropServices.SafeHandle.DangerousRelease() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 164
   at System.Net.Security.SafeDeleteContext.MustRunAcceptSecurityContext_SECURITY(SafeFreeCredentials& inCredentials, Boolean isContextAbsent, SecBufferDesc* inputBuffer, ContextFlags inFlags, Endianness endianness, SafeDeleteContext outContext, SecBufferDesc& outputBuffer, ContextFlags& outFlags, SafeFreeContextBuffer handleTemplate) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 944
   at System.Net.Security.SafeDeleteContext.AcceptSecurityContext(SafeFreeCredentials& inCredentials, SafeDeleteSslContext& refContext, ContextFlags inFlags, Endianness endianness, InputSecurityBuffers inSecBuffers, SecurityBuffer& outSecBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 783
   at System.Net.SSPISecureChannelType.AcceptSecurityContext(SafeFreeCredentials credential, SafeDeleteSslContext& context, InputSecurityBuffers inputBuffers, ContextFlags inFlags, Endianness endianness, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPISecureChannelType.cs:line 55
   at System.Net.SSPIWrapper.AcceptSecurityContext(ISSPIInterface secModule, SafeFreeCredentials credential, SafeDeleteSslContext& context, ContextFlags inFlags, Endianness datarep, InputSecurityBuffers inputBuffers, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIWrapper.cs:line 160
   at System.Net.Security.SslStreamPal.AcceptSecurityContext(SafeFreeCredentials& credentialsHandle, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs:line 69
   at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 782
   at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 719
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 577
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 539
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 356
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 96
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 124
   at System.Net.Security.Tests.SslStreamSniTest.<>c__DisplayClass0_0.<<SslStream_ClientSendsSNIServerReceives_Ok>b__0>d.MoveNext() in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 41
--- End of stack trace from previous location ---
   at System.Net.Security.Tests.SslStreamSniTest.WithVirtualConnection(Func`3 serverClientConnection, RemoteCertificateValidationCallback clientCertValidate) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 204
   at System.Net.Security.Tests.SslStreamSniTest.SslStream_ClientSendsSNIServerReceives_Ok(String hostName) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 25
--- End of stack trace from previous location ---
@ghost
Copy link

ghost commented Jan 19, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

Seen on Windows x86. There's a use after dispose case on a handle provided by SSPI

System.ObjectDisposedException : Safe handle has been closed.\r\nObject name: 'SafeHandle'
   at System.Runtime.InteropServices.SafeHandle.InternalRelease(Boolean disposeOrFinalizeOperation) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 201
   at System.Runtime.InteropServices.SafeHandle.DangerousRelease() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 164
   at System.Net.Security.SafeDeleteContext.MustRunAcceptSecurityContext_SECURITY(SafeFreeCredentials& inCredentials, Boolean isContextAbsent, SecBufferDesc* inputBuffer, ContextFlags inFlags, Endianness endianness, SafeDeleteContext outContext, SecBufferDesc& outputBuffer, ContextFlags& outFlags, SafeFreeContextBuffer handleTemplate) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 944
   at System.Net.Security.SafeDeleteContext.AcceptSecurityContext(SafeFreeCredentials& inCredentials, SafeDeleteSslContext& refContext, ContextFlags inFlags, Endianness endianness, InputSecurityBuffers inSecBuffers, SecurityBuffer& outSecBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 783
   at System.Net.SSPISecureChannelType.AcceptSecurityContext(SafeFreeCredentials credential, SafeDeleteSslContext& context, InputSecurityBuffers inputBuffers, ContextFlags inFlags, Endianness endianness, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPISecureChannelType.cs:line 55
   at System.Net.SSPIWrapper.AcceptSecurityContext(ISSPIInterface secModule, SafeFreeCredentials credential, SafeDeleteSslContext& context, ContextFlags inFlags, Endianness datarep, InputSecurityBuffers inputBuffers, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIWrapper.cs:line 160
   at System.Net.Security.SslStreamPal.AcceptSecurityContext(SafeFreeCredentials& credentialsHandle, SafeDeleteSslContext& context, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs:line 69
   at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 782
   at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 719
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 577
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 539
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 356
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 96
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 124
   at System.Net.Security.Tests.SslStreamSniTest.<>c__DisplayClass0_0.<<SslStream_ClientSendsSNIServerReceives_Ok>b__0>d.MoveNext() in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 41
--- End of stack trace from previous location ---
   at System.Net.Security.Tests.SslStreamSniTest.WithVirtualConnection(Func`3 serverClientConnection, RemoteCertificateValidationCallback clientCertValidate) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 204
   at System.Net.Security.Tests.SslStreamSniTest.SslStream_ClientSendsSNIServerReceives_Ok(String hostName) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSniTest.cs:line 25
--- End of stack trace from previous location ---
Author: hoyosjs
Assignees: -
Labels:

area-System.Net.Security
Milestone: -

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Jan 19, 2021
@hoyosjs hoyosjs removed the untriaged New issue has not been triaged by the area owner label Jan 19, 2021
@hoyosjs
Copy link
Member Author

hoyosjs commented Jan 19, 2021

Seen in another test here:

https://dev.azure.com/dnceng/public/_build/results?buildId=955494&view=ms.vss-test-web.build-test-results-tab&runId=30143950&resultId=141857&paneView=debug

System.ObjectDisposedException : Safe handle has been closed.\r\nObject name: 'SafeHandle'.
   at System.Runtime.InteropServices.SafeHandle.InternalRelease(Boolean disposeOrFinalizeOperation) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 201
   at System.Runtime.InteropServices.SafeHandle.DangerousRelease() in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 164
   at System.Net.Security.SafeDeleteContext.MustRunInitializeSecurityContext(SafeFreeCredentials& inCredentials, Boolean isContextAbsent, Byte* targetName, ContextFlags inFlags, Endianness endianness, SecBufferDesc* inputBuffer, SafeDeleteContext outContext, SecBufferDesc& outputBuffer, ContextFlags& attributes, SafeFreeContextBuffer handleTemplate) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 639
   at System.Net.Security.SafeDeleteContext.InitializeSecurityContext(SafeFreeCredentials& inCredentials, SafeDeleteSslContext& refContext, String targetName, ContextFlags inFlags, Endianness endianness, InputSecurityBuffers inSecBuffers, SecurityBuffer& outSecBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SecuritySafeHandles.cs:line 469
   at System.Net.SSPISecureChannelType.InitializeSecurityContext(SafeFreeCredentials& credential, SafeDeleteSslContext& context, String targetName, ContextFlags inFlags, Endianness endianness, InputSecurityBuffers inputBuffers, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPISecureChannelType.cs:line 60
   at System.Net.SSPIWrapper.InitializeSecurityContext(ISSPIInterface secModule, SafeFreeCredentials& credential, SafeDeleteSslContext& context, String targetName, ContextFlags inFlags, Endianness datarep, InputSecurityBuffers inputBuffers, SecurityBuffer& outputBuffer, ContextFlags& outFlags) in /_/src/libraries/Common/src/Interop/Windows/SspiCli/SSPIWrapper.cs:line 149
   at System.Net.Security.SslStreamPal.InitializeSecurityContext(SafeFreeCredentials& credentialsHandle, SafeDeleteSslContext& context, String targetName, ReadOnlySpan`1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStreamPal.Windows.cs:line 98
   at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 791
   at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 719
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 96
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 124
   at System.Net.Security.Tests.SslStreamConformanceTests.CreateWrappedConnectedStreamsAsync(StreamPair wrapped, Boolean leaveOpen) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamConformanceTests.cs:line 27
   at System.IO.Tests.ConnectedStreamConformanceTests.ZeroByteWrite_OtherDataReceivedSuccessfully(ReadWriteMode mode) in /_/src/libraries/Common/tests/Tests/System/IO/StreamConformanceTests.cs:line 2180
--- End of stack trace from previous location ---

@hoyosjs hoyosjs mentioned this issue Jan 19, 2021
Closed
@hoyosjs hoyosjs changed the title SslStream_ClientSendsSNIServerReceives_Ok use after dispose in tests SslStream tests show use after dispose handle in AcceptSecurityContext Jan 19, 2021
@hoyosjs hoyosjs changed the title SslStream tests show use after dispose handle in AcceptSecurityContext SslStream tests show use after dispose handle in System.Net.Security.SecureChannel.GenerateToken Jan 19, 2021
@hoyosjs
Copy link
Member Author

hoyosjs commented Jan 19, 2021

A good query to understand this one: https://runfo.azurewebsites.net/search/tests/?bq=definition%3Aruntime++started%3A%7E15&tq=message%3A%22System.ObjectDisposedException+%3A+Safe+handle+has+been+closed%22

@wfurt
Copy link
Member

wfurt commented Jan 21, 2021

cc: @aik-jahoda

@hoyosjs hoyosjs added the blocking-clean-ci Blocking PR or rolling runs of 'runtime' or 'runtime-extra-platforms' label Jan 22, 2021
@runfoapp runfoapp bot mentioned this issue Jan 22, 2021
Closed
@VincentBu

This comment has been minimized.

Sign in to view
@karelz karelz added test-run-core Test failures in .NET Core test runs and removed blocking-clean-ci Blocking PR or rolling runs of 'runtime' or 'runtime-extra-platforms' labels May 20, 2021
@karelz karelz added this to the Future milestone May 20, 2021
@karelz
Copy link
Member

karelz commented May 20, 2021

Perhaps related to #30724?

@karelz
Copy link
Member

karelz commented May 20, 2021
edited
Loading

Failures 3/18-5/19 (incl. PRs) of tests:

  • SslStream_ClientSendsSNIServerReceives_Ok - 0 hits
  • ZeroByteWrite_OtherDataReceivedSuccessfully - 1 hit (see table below)
  • ReadTimeout_Expires_Throws - 1 hit (see table below)
Date Build OS Test
4/23 PR #51702 Windows.81.Amd64.Open ZeroByteWrite_OtherDataReceivedSuccessfully
5/19 jitstress2_tiered Windows.10.Arm64v8.Open ReadTimeout_Expires_Throws

@VincentBu
Copy link
Contributor

Failed in runtime-coreclr libraries-jitstress 20210608.1

Failed test:

net6.0-windows-Release-x86-CoreCLR_checked-tailcallstress-Windows.10.Amd64.Open

- System.Net.Security.Tests.ApmSslStreamSystemDefaultTest.ClientAndServer_OneOrBothUseDefault_Ok(clientProtocols: Tls12, serverProtocols: null)

Error message:

System.ObjectDisposedException : Safe handle has been closed.
Object name: 'SafeHandle'.


Stack trace
   at System.Runtime.InteropServices.SafeHandle.DangerousAddRef(Boolean& success) in /_/src/libraries/System.Private.CoreLib/src/System/Runtime/InteropServices/SafeHandle.cs:line 148
   at System.Net.Security.SafeCredentialReference.CreateReference(SafeFreeCredentials target) in /_/src/libraries/Common/src/System/Net/Security/SafeCredentialReference.cs:line 25
   at System.Net.Security.SslSessionsCache.<CacheCredential>g__ShrinkCredentialCache|5_0() in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslSessionsCache.cs:line 224
   at System.Net.Security.SslSessionsCache.CacheCredential(SafeFreeCredentials creds, Byte[] thumbPrint, SslProtocols sslProtocols, Boolean isServer, EncryptionPolicy encryptionPolicy) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslSessionsCache.cs:line 182
   at System.Net.Security.SecureChannel.GenerateToken(ReadOnlySpan`1 inputBuffer, Byte[]& output) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 823
   at System.Net.Security.SecureChannel.NextMessage(ReadOnlySpan`1 incomingBuffer) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SecureChannel.cs:line 731
   at System.Net.Security.SslStream.ProcessBlob(Int32 frameSize) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 632
   at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 594
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) in /_/src/libraries/System.Net.Security/src/System/Net/Security/SslStream.Implementation.cs:line 411
   at System.Threading.Tasks.TaskToApm.End(IAsyncResult asyncResult) in /_/src/libraries/Common/src/System/Threading/Tasks/TaskToApm.cs:line 41
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization) in /_/src/libraries/System.Private.CoreLib/src/System/Threading/Tasks/FutureFactory.cs:line 511
--- End of stack trace from previous location ---
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 55
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 82
   at System.Threading.Tasks.TaskTimeoutExtensions.WhenAllOrAnyFailed(Task[] tasks, Int32 millisecondsTimeout) in /_/src/libraries/Common/tests/System/Threading/Tasks/TaskTimeoutExtensions.cs:line 49
   at System.Net.Security.Tests.SslStreamSystemDefaultTest.ClientAndServer_OneOrBothUseDefault_Ok(Nullable`1 clientProtocols, Nullable`1 serverProtocols) in /_/src/libraries/System.Net.Security/tests/FunctionalTests/SslStreamSystemDefaultsTest.cs:line 86
--- End of stack trace from previous location ---

@rzikm
Copy link
Member

rzikm commented Mar 9, 2022

Looks like duplicate of #46770

@rzikm rzikm closed this as completed Mar 9, 2022
@karelz karelz modified the milestones: Future, 7.0.0 Apr 8, 2022
@ghost ghost locked as resolved and limited conversation to collaborators May 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-System.Net.Security os-windows test-run-core Test failures in .NET Core test runs
Projects
None yet
Milestone
7.0.0
Development

No branches or pull requests
5 participants
@karelz @wfurt @hoyosjs @rzikm @VincentBu