[Cryptography] Something that's bothering me about the heartbleed discussion.....

Jerry Leichter leichter at lrw.com
Sun Apr 20 18:19:54 EDT 2014


On Apr 18, 2014, at 4:08 AM, Guido Witmond <guido at witmond.nl> wrote:
> Every parser (that reads data from outside) needs to run in their own protection domain.
Well, of as stated that gives you an infinite regress:  Somehow, you have to send information from one protection domain to another, and the receiver then has to parse it, and that parser has to go into another protection domain. :-)

Heartbleed is a parser bug.  Since the data received from the outsider world *is* the attack surface, it should be no surprise that many attacks arise there.  For them to arise deeper in the code, an attacker first has to slip past the parser, which almost always requires that they find a bug in the parser - or even in the specification that the parser implements.

Given this ... isn't it astounding that *we are still writing parsers for network protocols by hand*?  And from "semi-formal" specifications that often turn out to be ambiguous?

We faced this problem for programming languages in the 1960's, and we solved it, first with formal, verifiably unambiguous, syntactic specifications, then with parser generators.  And yet you look at pretty much any piece of software that reads data from a socket and it's got hand-written code to pull out the length field as a couple of bytes, convert it to a length, verify that the length makes sense (if the programmer remembers), copy the data off to a buffer, etc.

There are many reasons why the Heartbleed bug should never have slipped into the code, but beyond that *there's no reason why any human being should have been writing that code to begin with*.  While far from an *ideal*, or even a *good*, solution, one could probably have done this in lex (with some action code to deal with things like converting length fields) and had a much better chance of getting it *consistently* right.
                                                        -- Jerry



More information about the cryptography mailing list