It's a worthy cause, but please don't repeatedly post these comments. Neither fundraising campaigns nor single-purpose accounts are appropriate in HN threads.
It wouldn't be exploitable even without that, due to it being a userland dereference. The mmap 0 trick really only applies to kernel exploits. If you're in a position to mmap anything, you can already execute code.
Good to note that this was found with KLEE[1]. KLEE is a good for symbolic execution of code and is very cool[2].
This only triggers a crash if you use RELEASE_BUFFERS (not the default) and a warning alert is written when the socket buffer is full. About the only case where a warning alert is generated is when a client attempts a renegotiation without the renegotiation extension (unless insecure renegotiation is allowed by the app). I've not been able to trigger the bug in a test because code generally stops reading once the socket buffer is full so you need the application to exactly fill the socket buffer (so that it doesn't get EAGAIN), then a warning alert can just exceed it.
Is it me or should code that has to be secure be written in more manage languages to prevent these mistake ? (But managed languages probably have other security issues I don't know about ?)
Managed languages is one way to go, but they are not really appropriate for performance critical libraries like OpenSSL in my book. You can get safety without being managed in modern languages if the compiler does the safety proving for you (e.g. rustlang).
> Managed languages [...] are not really appropriate for performance critical libraries like OpenSSL
This is complete bullshit. Please cite where you found these results. Even if this was true, since the servers also run openssl, you'd be able to at least run a client at 10x/100x/1000x the speed of the server (because the client doesn't have to have concurrent connections), which would make the "slow managed code" fine for a client.
Fuck off. So is C, and C has no semantics whatsoever that prevent them, i.e, if one output from the compiler has no side channel vulns, the very next output may indeed have them.
If OpenSSL was written in a managed language, someone would need it in an environment a managed language wasn't suitable for, and end up porting it to C.
No, it's not just you. I've been saying this for 5 years (Since about a year after I learned to program), and nobody gives a fuck / is competent enough to rewrite the stuff on solid foundations.
For all clarity I meant like C++, ObjC, or others; any language that allows you to create things that enforce consistency during compile or runtime. (Like shared pointer and array containers.) Probably used the wrong terminology here.
Sort of. They say only if it's a single line that it's not allowed. If there are multiple lines it's "permitted."
So technically, this is still OK, but they are allowed to use braces when there are multiple lines. (the if and the return) They have an example in that link that covers this as a permitted case, but as you say, it's OK and consistent, but that doesn't make it good :)
this is getting boring. ever time a patch using no parentheses shows up there is that comment. if all your code uses that style you get used to it. feel free to show evidence of openbsd making that mistake once! (there might have been those, but i am sure it's going to be very hard to find).
Perhaps you need to consider the bigger picture. The biggest part of being a programmer is not in how many characters we write but in how we are able to know and understand abstract concepts.
If writing defensively by always putting braces around if statements means we no longer have to consider the possibility of a fall through error, then that saves mental processing for you and more importantly for lesser programmers.
37 comments
[ 194 ms ] story [ 2486 ms ] threadhttp://www.openbsdfoundation.org/donations.html
http://www.openbsd.org/donations.html
http://www.openbsd.org/want.html
Apr 12, 2014
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_op...
-->>
2014-04-30
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09....
needed 18 days to reach other OSes, ex.: FreeBSD.. interesting lag..
Who knows for embedded devices.
This one is listed on that page (bottom 005: SECURITY FIX: May 1, 2014).
This only triggers a crash if you use RELEASE_BUFFERS (not the default) and a warning alert is written when the socket buffer is full. About the only case where a warning alert is generated is when a client attempts a renegotiation without the renegotiation extension (unless insecure renegotiation is allowed by the app). I've not been able to trigger the bug in a test because code generally stops reading once the socket buffer is full so you need the application to exactly fill the socket buffer (so that it doesn't get EAGAIN), then a warning alert can just exceed it.
[1] http://marc.info/?l=openssl-dev&m=139809493725682&w=2 [2] http://klee.github.io/klee/
Here is an example of its power and how to use it: http://feliam.wordpress.com/2010/10/07/the-symbolic-maze/
This is complete bullshit. Please cite where you found these results. Even if this was true, since the servers also run openssl, you'd be able to at least run a client at 10x/100x/1000x the speed of the server (because the client doesn't have to have concurrent connections), which would make the "slow managed code" fine for a client.
Instead of:
Why not:Disagree you may, but it's consistent with their self-imposed guidelines.
So technically, this is still OK, but they are allowed to use braces when there are multiple lines. (the if and the return) They have an example in that link that covers this as a permitted case, but as you say, it's OK and consistent, but that doesn't make it good :)
If writing defensively by always putting braces around if statements means we no longer have to consider the possibility of a fall through error, then that saves mental processing for you and more importantly for lesser programmers.