From: Georg Bauhaus <rm-host.bauhaus@maps.futureapps.de>
Subject: Re: OpenSSL development (Heartbleed)
Date: Wed, 23 Apr 2014 10:06:36 +0200
Message-ID: <5357748c$0$6700$9b4e6d93@newsspool2.arcor-online.net>
In-Reply-To: <6xpjk44lobfz.fctt93m75u47$.dlg@40tude.net>
On 23/04/14 09:30, Dmitry A. Kazakov wrote:
>>> Boundary checks or not, the transport layer shall have no access to the
>>> server data.
>>>
>>> A tightly coupled system is vulnerable. If compromising just one component
>>> opens all gates wide, that is a bad standard and bad design. The effects of
>>> errors and faults must be bounded per design.
>>
>> How would you design a transport layer that has no access to whatever is
>> supposed to be transported?
>>
>> "Heartbleed" didn't leak any data that isn't legitimately needed by
>> OpenSSL (i.e. transported data and/or transport parameters (like keys))
>
> I heard it leaked user data, I didn't go into details. I hope user data are
> not transported, because otherwise that would be even a greater design
> fault.
They are not, by design, transported. I think the issue boiled down to
using some int variable `p' as an offset without checking bounds.
OpenSSL sometimes uses its own malloc, for historical reasons. So,
perhaps this approximates. At least GNAT warns, no matter what. What do
other compilers diagnose?
with System.Storage_Elements; use System.Storage_Elements;
with Ada.Integer_Text_IO;

procedure Leak is
   type A is array (Integer range <>) of Storage_Element;
   type A_P is access all A;

   --  A fixed region of memory standing in for a hand-rolled heap.
   Pool : A (1 .. 123_456);
   for Pool'Address use To_Address (16#100_000#);

   Current_Offset : Storage_Offset := 0;

   --  Bump allocator: hands out Size bytes from Pool without checking
   --  that Current_Offset + Size still lies inside Pool.
   function Our_Own_Malloc (Size : Natural) return A_P is
      Result : A_P;
      for Result'Address use Pool'Address + Current_Offset;
   begin
      Current_Offset := Current_Offset + Storage_Offset (Size);
      return Result;
   end Our_Own_Malloc;

   --  P is the caller-supplied length, passed on unchecked.
   function Something (P : Integer) return A is
      Result : A_P;
   begin
      Result := Our_Own_Malloc (P);
      return Result.all;
   end Something;

   use Ada.Integer_Text_IO;
   I : Integer;
begin
   Get (I);
   declare
      Y : A := Something (I);
   begin
      null;
   end;
end Leak;
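The bounds check the post says was missing, as an added C example (not code from the thread, from OpenSSL, or from the Ada program above): a heartbeat echo handler that compares the peer's claimed payload length against the bytes actually received before copying anything. The record layout follows RFC 6520; the sample records built by respond_to_claim are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS heartbeat body (RFC 6520): 1 byte type, 2-byte big-endian
 * payload_length, the payload, then at least 16 bytes of padding. */
#define HB_HEADER_LEN 3
#define HB_MIN_PADDING 16

/* Echo a received heartbeat. Returns the response length, or -1 when the
 * peer's claimed payload length does not fit in the bytes actually held. */
int heartbeat_respond(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                              /* cannot be well-formed */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Bound the copy by the record we received, never by the peer's
     * number used as an offset into whatever memory lies beyond it. */
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return -1;
    size_t resp_len = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return -1;
    out[0] = 2;                                 /* heartbeat_response */
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING); /* own padding */
    return (int)resp_len;
}

/* Constructed sample: a record holding 'actual' payload bytes of 'A' plus
 * 16 bytes of padding, whose header claims 'claimed' payload bytes. */
int respond_to_claim(uint16_t claimed, size_t actual)
{
    uint8_t rec[64] = {0}, out[64];
    size_t rec_len = HB_HEADER_LEN + actual + HB_MIN_PADDING;
    if (rec_len > sizeof rec) return -2;
    rec[0] = 1;                                 /* heartbeat_request */
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)claimed;
    memset(rec + HB_HEADER_LEN, 'A', actual);
    return heartbeat_respond(rec, rec_len, out, sizeof out);
}

int main(void)
{
    printf("honest: %d  oversize claim: %d\n", respond_to_claim(3, 3), respond_to_claim(65535, 3));
    return 0;
}
```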