[Cryptography] Heartbleed and malloc

Arnold Reinhold agr at me.com
Thu May 8 16:05:46 EDT 2014


In April, I edited the Wikipedia article on Heartbleed to reflect Theo de Raadt’s critique of OpenSSL’s memory management (http://article.gmane.org/gmane.os.openbsd.misc/211963). Other editors questioned this and a few of us have attempted to read the OpenSSL code. It looks like the Heartbeat extension did not use the free-list tools that Theo complained about. Heartbleed uses the OPENSSL_malloc wrapper, but from what I can determine, as long as debug modes are off, OPENSSL_malloc gets redefined in a series of steps to be the operating system malloc.

Maybe Theo has a better understanding of what is going on (the OpenSSL source is very complex), but if our reading is correct, Theo’s critique may have been too harsh. Perhaps more importantly, to the extent that Theo is correct about OpenBSD’s malloc and free being able to catch the bad behavior of Heartbleed, this may put a bound on how widely the bug was exploited before it became public. Exploiting Heartbleed requires lots of probing because the bug returns a maximum of 64K bytes of memory per probe. The occasional crash might have been ignored, and maybe some exploiters could have been sophisticated enough to avoid OSs that have such safety measures. Still, it should be possible to check old error logs for signs of Heartbleed exploitation.

Am I missing something here?

Arnold Reinhold
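The bounds check whose absence let the Heartbeat extension over-read up to 64K per probe, shown as an added C example after the post above. This is not OpenSSL's code; it follows the RFC 6520 message layout (type, 16-bit payload length, payload, at least 16 bytes of padding), and the sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* RFC 6520 heartbeat body: type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

enum hb_verdict {
    HB_OK = 0,
    HB_TOO_SHORT = 1,       /* record shorter than the 3-byte header */
    HB_LENGTH_EXCEEDS = 2,  /* declared payload runs past the received bytes (the Heartbleed case) */
    HB_BAD_PADDING = 3      /* fewer than 16 bytes of padding follow the payload */
};

/* Validate a received heartbeat body of 'len' bytes before echoing it.
 * On HB_OK, *payload_len holds the declared length, now known to be in bounds. */
enum hb_verdict hb_check(const uint8_t *rec, size_t len, uint16_t *payload_len)
{
    if (len < HB_HEADER_LEN)
        return HB_TOO_SHORT;
    /* The length field is 16 bits, so a single probe can claim at most 65535 bytes;
     * that is the ~64K-per-probe bound mentioned in the post. */
    uint16_t declared = (uint16_t)((rec[1] << 8) | rec[2]);
    /* The vulnerable code trusted 'declared' and copied that many bytes from the
     * heap; the fix compares it against what was actually received. */
    if ((size_t)HB_HEADER_LEN + declared > len)
        return HB_LENGTH_EXCEEDS;
    if ((size_t)HB_HEADER_LEN + declared + HB_MIN_PADDING > len)
        return HB_BAD_PADDING;
    if (payload_len)
        *payload_len = declared;
    return HB_OK;
}

/* Constructed sample records (not captured traffic). */
static const uint8_t kBenign[]     = {0x01, 0x00, 0x04, 'p','i','n','g',
                                      0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static const uint8_t kOverread[]   = {0x01, 0xFF, 0xFF, 'p','i','n','g',
                                      0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
static const uint8_t kShortPad[]   = {0x01, 0x00, 0x04, 'p','i','n','g', 0,0,0,0,0};
static const uint8_t kTruncated[]  = {0x01, 0x00};

int main(void)
{
    uint16_t n = 0;
    printf("benign:    %d (payload %u)\n", hb_check(kBenign, sizeof kBenign, &n), n);
    printf("overread:  %d\n", hb_check(kOverread, sizeof kOverread, &n));
    printf("shortpad:  %d\n", hb_check(kShortPad, sizeof kShortPad, &n));
    printf("truncated: %d\n", hb_check(kTruncated, sizeof kTruncated, &n));
    return 0;
}
```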

