[Cryptography] Heartbleed and malloc

Phillip Hallam-Baker hallam at gmail.com
Fri May 9 07:30:56 EDT 2014


On Thu, May 8, 2014 at 4:05 PM, Arnold Reinhold <agr at me.com> wrote:
> In April, I edited the Wikipedia article on Heartbleed to reflect Theo de Raadt’s critique of OpenSSL’s memory management (http://article.gmane.org/gmane.os.openbsd.misc/211963). Other editors questioned this and a few of us have attempted to read the OpenSSL code. It looks like the Heartbeat extension did not used the free-list tools that Theo complained about. Heartbleed uses the OPENSSL_malloc wrapper, but from what I can determine, as long as debug modes are off, OPENSSL_malloc gets redefined in a series of steps to be the operating system malloc.
>
> Maybe Theo has a better understanding of what is going on, the OpenSSL source is very complex, but if our reading is correct, Theo’s critique may have been too harsh. Perhaps more importantly, to the extent that Theo is correct about OpenBSD’s malloc and free being able to catch the bad behavior of Heartbleed, this may put a bound on how widely the bug was exploited before it became public. Exploiting Heartbleed requires lots of probing because the bug returns a maximum of 64K bytes of memory per probe. The occasional crash might have been ignored, and maybe some exploiters could have been sophisticated enough to avoid OSs that have such safety measures. Still it should be possible to check old error logs for signs of Heartbleed exploitation.


I am not too worried about exploits before the bug was found. Its the
exploits that came afterwards that worry me. Those will continue for a
long time.

Getting OpenSSL to compile and run is not so easy. It is in fact a
PITA and the documentation is of the chocolate teapot variety.

As for complexity, that is itself a problem. A system that is too
complex is a problem in itself.

-- 
Website: http://hallambaker.com/


More information about the cryptography mailing list