Thank you all for your input! I was able to resolve this by making the `file` variable global and pinning it in memory before the wolfSSL reads/writes with the snippet below. I've pushed the new code to the repo https://github.com/lealem47/go-wolfssl-https-server.
```go
var p runtime.Pinner
p.Pin(file)
defer p.Unpin()
```

Jason, I believe actually did reproduce the issue. Another symptom of the issue was that the http Close() would get called twice for some reason, and that would end up double freeing the wolfSSL object. I made a tweak there to check if the object was freed before attempting to free again, but I failed to include that tweak in the repo. My apologies.

To answer the question about "why CGO & go-wolfssl instead of the Go standard library", the crypto-engine underneath wolfSSL (wolfCrypt) comes with paths certifications like FIPS.

Lealem

On Tuesday, December 3, 2024 at 2:48:31 PM UTC-7 Robert Engels wrote:

> This is exactly why people have moved to memory safe languages for critical infrastructure. Just too hard to get right and have the server be malleable.
>
> On Dec 3, 2024, at 3:31 PM, Jason E. Aten <j.e....@gmail.com> wrote:
>
> Lealem, I wasn't able to reproduce the error you were seeing (perhaps write a test case that does?), but when asking for a 5MB payload, I was able to make the go-wolfssl-https-server repro server crash by itself on an invalid wolfssh free() call. I'm not sure at which layer the bug is, but there is something certainly off.
>
> Unless you have a strong need for pre-shared-keys (which the Go standard library TLS server does not support; https://github.com/golang/go/issues/6379), I would, like Amnon, also think it much better to use the standard library's TLS server facilities. Then you won't need to mess with the go-wolfssh shim or CGO at all.
>
> client:
> $ curl https://localhost:8443/\?size\=5000000 -k > out.4
>
> server log:
> github.com/lealem47/go-wolfssl-https-server (main) $ ./cmd/rest/rest
> INFO[2024-12-03T15:02:51-06:00] Server listening on https://localhost:8443
> ...
> INFO[2024-12-03T15:03:37-06:00] Read bytes: GET /?size=5000000 HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.58.0
> Accept: */*
>
> INFO[2024-12-03T15:03:37-06:00] Calling read: 1
>
> INFO[2024-12-03T15:03:37-06:00] Calling write: 4096
>
> INFO[2024-12-03T15:03:37-06:00] Closing connection
>
> INFO[2024-12-03T15:03:37-06:00] Closing connection
>
> free(): invalid pointer
> SIGABRT: abort
> PC=0x7f7189772e87 m=0 sigcode=18446744073709551610
> signal arrived during cgo execution
>
> goroutine 34 gp=0xc000104c40 m=0 mp=0xb00ea0 [syscall]:
> runtime.cgocall(0x656db0, 0xc0002179d0)
>     /usr/local/go1.23.3/src/runtime/cgocall.go:167 +0x4b fp=0xc0002179a8 sp=0xc000217970 pc=0x46ab8b
> github.com/wolfssl/go-wolfssl._Cfunc_wolfSSL_free(0x7f712c000b20)
>     _cgo_gotypes.go:1598 +0x3f fp=0xc0002179d0 sp=0xc0002179a8 pc=0x50121f
> main.(*wolfSSLConn).Close.WolfSSL_free.func2(0x7f712c000b20)
>     /home/jaten/go/pkg/mod/github.com/wolfssl/go-wo...@v0.0.0-20240829213546-44165fae06e4/ssl.go:113 +0x3b fp=0xc000217a08 sp=0xc0002179d0 pc=0x654f9b
> github.com/wolfssl/go-wolfssl.WolfSSL_free(...)
>     /home/jaten/go/pkg/mod/github.com/wolfssl/go-wo...@v0.0.0-20240829213546-44165fae06e4/ssl.go:113
> main.(*wolfSSLConn).Close(0xc0001a4000)
>     /home/jaten/go/src/github.com/lealem47/go-wolfssl-https-server/cmd/rest/main.go:109 +0x58 fp=0xc000217a50 sp=0xc000217a08 pc=0x654f18
> net/http.(*conn).close(0xc0001a6000)
>     /usr/local/go1.23.3/src/net/http/server.go:1800 +0x2b fp=0xc000217a68 sp=0xc000217a50 pc=0x6404ab
> net/http.(*conn).serve.func1()
>     /usr/local/go1.23.3/src/net/http/server.go:1959 +0x1e8 fp=0xc000217b08 sp=0xc000217a68 pc=0x641e68
> runtime.deferreturn()
>     /usr/local/go1.23.3/src/runtime/panic.go:605 +0x5e fp=0xc000217b98 sp=0xc000217b08 pc=0x438d3e
> net/http.(*conn).serve(0xc0001a6000, {0x74e0b0, 0xc000128ff0})
>     /usr/local/go1.23.3/src/net/http/server.go:2104 +0x7aa fp=0xc000217fb8 sp=0xc000217b98 pc=0x64108a
> net/http.(*Server).Serve.gowrap3()
>     /usr/local/go1.23.3/src/net/http/server.go:3360 +0x28 fp=0xc000217fe0 sp=0xc000217fb8 pc=0x6457e8
> runtime.goexit({})
>     /usr/local/go1.23.3/src/runtime/asm_amd64.s:1700 +0x1 fp=0xc000217fe8 sp=0xc000217fe0 pc=0x477fc1
> created by net/http.(*Server).Serve in goroutine 1
>     /usr/local/go1.23.3/src/net/http/server.go:3360 +0x485
>
> goroutine 1 gp=0xc0000061c0 m=nil [IO wait]:
> runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
>     /usr/local/go1.23.3/src/runtime/proc.go:424 +0xce fp=0xc0000f99e8 sp=0xc0000f99c8 pc=0x47056e
> runtime.netpollblock(0xc000035a40?, 0x409626?, 0x0?)
>     /usr/local/go1.23.3/src/runtime/netpoll.go:575 +0xf7 fp=0xc0000f9a20 sp=0xc0000f99e8 pc=0x4358f7
> internal/poll.runtime_pollWait(0x7f7140dafe00, 0x72)
>     /usr/local/go1.23.3/src/runtime/netpoll.go:351 +0x85 fp=0xc0000f9a40 sp=0xc0000f9a20 pc=0x46f865
> internal/poll.(*pollDesc).wait(0xc000176000?, 0x50?, 0x0)
>     /usr/local/go1.23.3/src/internal/poll/fd_poll_runtime.go:84 +0x27 fp=0xc0000f9a68 sp=0xc0000f9a40 pc=0x4b1147
> internal/poll.(*pollDesc).waitRead(...)
>     /usr/local/go1.23.3/src/internal/poll/fd_poll_runtime.go:89
> internal/poll.(*FD).Accept(0xc000176000)
>     /usr/local/go1.23.3/src/internal/poll/fd_unix.go:620 +0x295 fp=0xc0000f9b10 sp=0xc0000f9a68 pc=0x4b2875
> net.(*netFD).accept(0xc000176000)
>     /usr/local/go1.23.3/src/net/fd_unix.go:172 +0x29 fp=0xc0000f9bc8 sp=0xc0000f9b10 pc=0x51cd49
> net.(*TCPListener).accept(0xc000132240)
>     /usr/local/go1.23.3/src/net/tcpsock_posix.go:159 +0x1e fp=0xc0000f9c18 sp=0xc0000f9bc8 pc=0x52d23e
> net.(*TCPListener).Accept(0xc000132240)
>     /usr/local/go1.23.3/src/net/tcpsock.go:372 +0x30 fp=0xc0000f9c48 sp=0xc0000f9c18 pc=0x52c570
> main.(*wolfSSLListener).Accept(0xc000126198)
>     /home/jaten/go/src/github.com/lealem47/go-wolfssl-https-server/cmd/rest/main.go:27 +0x32 fp=0xc0000f9d00 sp=0xc0000f9c48 pc=0x654392
> net/http.(*onceCloseListener).Accept(0xc0001a6000?)
>     <autogenerated>:1 +0x24 fp=0xc0000f9d18 sp=0xc0000f9d00 pc=0x6536a4
> net/http.(*Server).Serve(0xc0001640f0, {0x74da88, 0xc000126198})
>     /usr/local/go1.23.3/src/net/http/server.go:3330 +0x30c fp=0xc0000f9e48 sp=0xc0000f9d18 pc=0x6453ec
> net/http.Serve(...)
>     /usr/local/go1.23.3/src/net/http/server.go:2858
> main.main()
>     /home/jaten/go/src/github.com/lealem47/go-wolfssl-https-server/cmd/rest/main.go:219 +0x392 fp=0xc0000f9f50 sp=0xc0000f9e48 pc=0x655792
> runtime.main()
>     /usr/local/go1.23.3/src/runtime/proc.go:272 +0x28b fp=0xc0000f9fe0 sp=0xc0000f9f50 pc=0x43ce8b
> runtime.goexit({})
>     /usr/local/go1.23.3/src/runtime/asm_amd64.s:1700 +0x1 fp=0xc0000f9fe8 sp=0xc0000f9fe0 pc=0x477fc1
>
> ...

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/78164daf-df12-4b75-bd02-e859cd357549n%40googlegroups.com.
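
The double-Close guard mentioned in the message above (check whether the native object was already freed before freeing it again), as an added example that is not code from the thread or from the repository. `nativeSession`, `freeNative` and `guardedConn` are hypothetical stand-ins so the sketch runs without cgo or wolfSSL.

```go
package main

import (
	"fmt"
	"sync"
)

// nativeSession is a hypothetical stand-in for the C-allocated TLS object.
type nativeSession struct{ freed int }

// freeNative is a hypothetical stand-in for the cgo free call; it counts calls.
func freeNative(s *nativeSession) { s.freed++ }

var errClosed = fmt.Errorf("use of closed connection")

// guardedConn owns one native session and releases it at most once.
type guardedConn struct {
	mu  sync.Mutex
	ssl *nativeSession // nil once the native object has been freed
}

// Close is idempotent: a second call finds ssl == nil and does not free again.
func (c *guardedConn) Close() error {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.ssl != nil {
		freeNative(c.ssl)
		c.ssl = nil
	}
	return nil
}

// Write refuses to touch the session after Close (no use of freed memory).
func (c *guardedConn) Write(p []byte) (int, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.ssl == nil {
		return 0, errClosed
	}
	return len(p), nil // real code would call into the TLS library here
}

// freesAfter calls Close n times and reports how often the native free ran.
func freesAfter(n int) int {
	s := &nativeSession{}
	c := &guardedConn{ssl: s}
	for i := 0; i < n; i++ {
		c.Close()
	}
	return s.freed
}
func main() { fmt.Println("native frees after 2 Close calls:", freesAfter(2)) }
```

The mutex also covers the case where the two Close calls arrive from different goroutines.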