[Cryptography] Heartbleed and malloc
Viktor Dukhovni
cryptography at dukhovni.org
Fri May 9 11:31:13 EDT 2014
On Fri, May 09, 2014 at 11:12:53AM -0400, Salz, Rich wrote:
> > if our reading is correct, Theo's critique may have been too harsh.
>
> Imagine that.
Done, but the OpenBSD critique did have a point, in that OpenSSL
maintained its own memory pool for some allocations that bypassed
malloc/free, and therefore was not covered by any security options
in malloc() and free(). Disabling that pool and always using
malloc()/free(), uncovered a use after free bug.
In particular plaintext of previous packets would be present in
memory even after the content was freed. Thus for example, with
Postfix and an OpenSSL with HeartBleed unpatched, one could retrieve
fragments of email messages from the heap, even though Postfix
always wipes freed memory, and the Postfix SMTP server is not
multi-threaded, rather ther is a dynamically sized pool of
servers accepting connections serially.
--
Viktor.
More information about the cryptography
mailing list