[Cryptography] Something that's bothering me about the heartbleed discussion.....

Peter Trei petertrei at gmail.com
Thu Apr 17 22:28:57 EDT 2014


On Thu, Apr 17, 2014 at 6:51 PM, Jerry Leichter <leichter at lrw.com> wrote:

> On Apr 17, 2014, at 5:01 PM, Peter Trei <petertrei at gmail.com> wrote:
> > We're all talking about a serious bug in OpenSSL code.
> >
> > But the bug itself isn't a crypto bug. It's a general programming bug, which
> > could occur in any server code when the client can say 'send me the first X
> > bytes of buffer FOO', and the server does that without checking that
> > X <= length(FOO).
> >
> > It's a bounds checking bug, which just happened to appear in security related
> > code.
> >
> > The same error could occur in many other parts of a server program, with the
> > same devastating consequences.
>
> It's worse than that.  It could occur in any program that *uses* OpenSSL.
> Among such programs, there are many that allow for plugins and other
> open-ended extensions.  Those are just as hazardous.
>
> So it's not just OpenSSL.  It's every bit of code that *uses* OpenSSL, and
> every bit of code that *uses* the code that *uses* OpenSSL.

I think you may have missed my point. This style of security hole could
exist in server programs which don't use OpenSSL; indeed, which don't use
crypto at all. All it requires is that the client/server protocol allows
the client to cause an unchecked read as I described, and sensitive data be
available in program-accessible memory, whether put there by the server, or
dredged up unzeroed in a malloc.

Fixing crypto code, and/or walling it off as you suggest, won't prevent
Heartbleed style bugs in other server code.

We've known for years that buffer overflows can be used for code injection.
In Heartbleed, we're seeing the same problem being used for data
exfiltration.

Fixes which prevent read/write access to code segment memory, or execution
of data as code, won't solve this. Perhaps Intel MPX will, once we move to
processors which have it, compilers support that feature, and server
software is rebuilt.

Peter Trei
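
The unchecked read described in this message ("send me the first X bytes of buffer FOO" with no test that X <= length(FOO)), shown beside the bounds-checked form. This is an added example, not part of the original post and not OpenSSL's code. The memory layout, function names and secret string are constructed for illustration, and the single `mem` array stands in for adjacent regions of process memory so the demonstration stays within defined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_CAP  8    /* capacity of "buffer FOO" */
#define MEM_SIZE 32   /* size of the constructed process memory */

/* Constructed layout: bytes 0..7 request payload, bytes 8.. unrelated secret. */
static uint8_t mem[MEM_SIZE];

static void load(const uint8_t *payload, size_t actual_len) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + REQ_CAP, "SECRET-KEY-0001", 15);   /* constructed value */
    memcpy(mem, payload, actual_len < REQ_CAP ? actual_len : REQ_CAP);
}

/* Unchecked: echoes the client's claimed length X. Returns bytes sent. */
size_t echo_unchecked(const uint8_t *payload, size_t actual_len,
                      size_t claimed_len, uint8_t *out, size_t out_cap) {
    load(payload, actual_len);
    if (claimed_len > out_cap || claimed_len > MEM_SIZE) return 0; /* demo stays in mem[] */
    memcpy(out, mem, claimed_len);    /* never compared with actual_len */
    return claimed_len;
}

/* Checked: discard the request unless X <= length(FOO). */
size_t echo_checked(const uint8_t *payload, size_t actual_len,
                    size_t claimed_len, uint8_t *out, size_t out_cap) {
    if (actual_len > REQ_CAP || claimed_len > actual_len || claimed_len > out_cap)
        return 0;
    load(payload, actual_len);
    memcpy(out, mem, claimed_len);
    return claimed_len;
}

/* 1 if the reply carries the neighbouring data, 0 otherwise. */
int leaked(const uint8_t *out, size_t n) {
    return n >= REQ_CAP + 6 && memcmp(out + REQ_CAP, "SECRET", 6) == 0;
}

int main(void) {
    uint8_t out[MEM_SIZE];
    const uint8_t p[3] = { 'a', 'b', 'c' };  /* client sends 3 bytes, claims 24 */
    size_t n = echo_unchecked(p, 3, 24, out, sizeof out);
    printf("unchecked: %zu bytes, leaked=%d\n", n, leaked(out, n));
    printf("checked:   %zu bytes\n", echo_checked(p, 3, 24, out, sizeof out));
    return 0;
}
```

Nothing in the example involves cryptography or a write to memory, which is why the checked version's single length comparison is the whole fix.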