From owner-freebsd-security@FreeBSD.ORG Thu Apr 10 06:29:05 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6D24AFB5 for ; Thu, 10 Apr 2014 06:29:05 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [64.62.153.212]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5360D17E5 for ; Thu, 10 Apr 2014 06:29:05 +0000 (UTC) Received: from delphij-macbook.local (c-24-5-244-32.hsd1.ca.comcast.net [24.5.244.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id 877BB13FF7; Wed, 9 Apr 2014 23:29:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1397111344; bh=uLr7gPlANSgrTQVCJxh2r7AwG4ewCaUz1c+vRAH8D/0=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=C0Ha+swFtuaTFewS2JVN4rNawseI1pKpjr6HA4Gzn7uq7Vv8LBkyZWfOqyU6EZuI4 1QTt8KC1bHLE9mHtm3JIr9buBGgWQvvdRVwLJ8cGLdr3Iv4JXIqXwVPe6C8lchdHzu oaLY03NBunsGVqDKcl+oTEnxzKHQ3rHrm2V92SzY= Message-ID: <53463A2E.90905@delphij.net> Date: Wed, 09 Apr 2014 23:29:02 -0700 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: "Ronald F. Guilmette" , freebsd-security@freebsd.org Subject: Re: Heartbleed, a few naive questions References: <41616.1397107689@server1.tristatelogic.com> In-Reply-To: <41616.1397107689@server1.tristatelogic.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Apr 2014 06:29:05 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 4/9/14, 10:28 PM, Ronald F. Guilmette wrote: > > My apologies if the following few naive questions are out of place > or off topic here. I do suppose that there might perhaps be other > places where such question might perhaps be better put, but > many/most/all of those other places appear to be filled, at > present, with discussions and comments which are about on par with > some of the alien abduction theories relating to MH370. And I > would prefer to have a more thoughtful exchange. Thus I come > here. > > Anyway, having read the currently available (and quite detailed) > online descriptions of the Heartbleed bug, I am disposed to seek > answers to the following few questions: > > 1) Why does OpenSSL even contain a function called > "OPENSSL_malloc"? Does anyone other than me think that it might > perhaps have been a better choice to provide only a function called > "OPENSSL_calloc"? For this bug, doing calloc() makes no difference. Is doing calloc() a good practice in general? Sometimes it is, sometimes it merely slows things down. > 2) Not that this would actually have eliminated the bug, but... > > Was there some compelling reason why space for the "buffer" at > issue was allocated via a call to "OPENSSL_malloc", rather than, > say, simply being declared as a function-local "auto" > char[1+2+65536+padding] ? Automatic arrays are introduced with C99. By the way, how do you benefit from allocating from stack than from heap for relatively large chunk of memory? > 3) Not that this would actually have eliminated the bug, but... > > After making some effort to do so, I have been unable to find any > information online which would serve to document the initial state > of the blocks of memory allocated by calls to pthread_create(). > Would any of you happen to know if said blocks are or, conversely, > are not cleared to zeros prior to execution of the created > thread(s)? I don't think I understood this question, do you have a code fragment to describe your question? > 4) If, as has been suggested in some quarters, the _actual_ size > of the heartbeat client-supplied payload may be correctly > determined without any reference whatsoever to the _content_ of the > request packet, then why is/was it the case that the SSL protocol > specified that such packets should contain a payload length > specification... a value that, as we all now know, may be spoofed > with disasterous consequences? Do you have any reference here? I'm not an expert in OpenSSL code but looking at the specification, it seems like, without the payload length there is no way to figure out what length the padding is. > Regards, rfg > > > P.S. Looking just now at the man page for execve(2) I could not > help but notice that it neglects to say a single word about the > state of the memory comprising the initial page of the (new) > execution stack, let alone any additional pages that may be > subsequently and automagically added to the execution stack. Upon successful exec*(), the process address space is rebuilt. So no, you can no longer access any memory contents. > I, for one, had certainly always hoped and believed that such pages > would be pre-initialized by the kernel to all zeros... as opposed, > say, to whatever data had been left in those pages by the most > recently deceased process(es) that last held them. But in lieu of > any explicit statement on the matter within the man page, I am left > with a slight uneasy feeling. New pages are always initialized to zeros before access is given to process, this must happen or that by itself is a very serious security issue, because inter-process isolation is broken. Hope this helps. Should you find anything that we need to correct in the manual page to help others please speak up. Cheers, -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJTRjouAAoJEJW2GBstM+nsaBUP/3efRvXu6+g37XZvPmJq6Ahm +uHQlZx7RjEP/3StQhNpHGL0BGTKiv5+diSusABOk8brkaw+Ergn7nTXRGRO4TTz 9wWBLcQs0iETsltYXmDSUw+EBJZDPFSjhyiZZTjxi9rzdqyVeIPlE4L5Tfu8dRhC QqO4Ccxh4QA6p3nMVhrh0WNbnvjfBTWNkZERo4w8b4QdwrkyxpnqVq0fwwNyIks1 EJ8u54EE2wAra7EfmaIfPFEELjID9JmlknmLuGE1rAbqW5zYyMU4eVaFHWpMVR1E 1yjJZrj7wGu6wBhM5zp1kh2+9HU7UnB7Xg1VVZjzT7XdkBO2IcftbpxZ6j+3VLM0 H9zwV7+9tMFAcXoOrAuHPhzqmxEImXd88uWxGJ31m0Ke6gPO1HZkc+Hknkaznfpa +W/NOKEKwr8a01renLIm0HhMdSRM/s2iDMFhZg47uCXWNxIqcpaDyJ/wU2vgi+yF OnDpxJ9/OfCcaj2pd8FdR+4mkxAQiwOc1ItSPqOj2pKNVbTNZnbff/z7ATAWI0e3 5aI4OibW7Fm2I5n6UhRePPfmNle+iJL2WXawmolNnvUohtrSwqeznkpvm2kLl3gz c4G+TzbegSn2wVmM2IiRP4tQcYxTuhFPCGnDnH2MfGpaEAMqMZRl5CESeiTjtY1F 8eC8q75ReaBNO95iGge1 =vXk2 -----END PGP SIGNATURE-----