Opened 7 months ago

Closed 7 months ago

#2645 closed defect (invalid)

SSL_read bad length error when uploading large files over HTTPS

Reported by: koducloud@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version:
Keywords: Cc:
uname -a: Linux example.com 5.10.0-29-amd64 #1 SMP Debian 5.10.216-1 (2024-05-03) x86_64 GNU/Linux
nginx -V: root@s8a49d169:~# nginx -V
nginx version: nginx/1.26.0
built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
built with OpenSSL 1.1.1n 15 Mar 2022 (running with OpenSSL 1.1.1w 11 Sep 2023)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.26.0/debian/debuild-base/nginx-1.26.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Description

When attempting to upload files of approximately 2.8 GB via HTTPS, we encounter the following error:

SSL_read() failed (SSL: error:140DF10F:SSL routines:SSL_read:bad length)

We suspect that this issue is related to the use of the SSL_read() function, which is overflowing.

Not sure, but a possible solution might be to use the SSL_read_ex() function instead.

Attachments (1)

debug.log (14.4 KB ) - added by koducloud@… 7 months ago.

Download all attachments as: .zip

Change History (4)

by koducloud@…, 7 months ago

Attachment: debug.log added

comment:1 by Roman Arutyunyan, 7 months ago

SSL_read() may fail if buffer size does not fit in an int, which is typically a 32-bit integer. What's the value of client_body_buffer_size in your configuration? Setting it to something like 2Gb is a bad idea.

in reply to:  1 comment:2 by koducloud@…, 7 months ago

Replying to Roman Arutyunyan:

SSL_read() may fail if buffer size does not fit in an int, which is typically a 32-bit integer. What's the value of client_body_buffer_size in your configuration? Setting it to something like 2Gb is a bad idea.

You are right, the value of client_body_buffer_size was too high. Shame on me.

Sorry for the time you spent. Please close the ticket.

Best regards.

comment:3 by Roman Arutyunyan, 7 months ago

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.