How Heartbleed could've been found

Hanno's Blog

Tuesday, April 7. 2015

Trackbacks

Weblog: www.btk-clan.ch
Tracked: Apr 08, 07:57
Weblog: snippets.mela.de
Tracked: Apr 09, 06:32
Weblog: info.ssl.com
Tracked: Apr 30, 02:51
Denial of Service in Dovecot and unexpected crashes in OpenSSL (TFPA 008/2015)
A while ago I did a little experiment trying to fuzz the OpenSSL handshake with the intent to test whether Heartbleed could've been found with fuzzing. At some point while developing the sample code I discovered that american fuzzy lop would find a lot of
Weblog: The Fuzzing Project
Tracked: May 18, 21:15

Comments

The main thing about HeartBleed was not technical, there were N ways it could have been found.

No, the main thing is that nobody had or took the time to even look for such bugs.

As I wrote in ACM Queue: "Quality Software costs money, Heartbleed is free"

https://queue.acm.org/detail.cfm?id=2636165

Poul-Henning
#1 Poul-Henning Kamp on 2015-04-07 21:43 (Reply)
You can make OpenSSL accept any key length by compiling it with -DOPENSSL_TLS_SECURITY_LEVEL=0. Of course this is not safe in production, but it is fine to fuzz it with very short keys.
#2 Michele Spagnuolo (Homepage) on 2015-04-08 12:01 (Reply)
As mentioned before on Twitter (https://twitter.com/jurajsomorovsky/status/590867082612502528), I am trying to test Heartbleed on OpenSSL with Address Sanitizer. My problem is that the server crashes only when the heartbeat length value is > 17709. Otherwise, the server keeps running as if it had not been compiled with Address Sanitizer.

As you mentioned, I tried to compile OpenSSL with no-buf-freelists:
./config no-buf-freelists -fsanitize=address
make depend
make
But this does not change the server behavior.
Btw., when I set the length value to 17710, the server crashes and I get the following output:
0x629000022749 is located 0 bytes to the right of 17736-byte region [0x62900001e200,0x629000022748)

When I increment the length value to 17711, I get the following message:
0x629000018749 is located 1 bytes to the right of 17736-byte region [0x629000014200,0x629000018748)
etc.

It seems to be some fixed 17736-byte region, which must be overread, otherwise the server does not crash.

Do you think this is something connected with Address Sanitizer properties or with the OpenSSL implementation?

I would like to do some fuzzing and to configure Address Sanitizer to be more "sensitive" (if that's possible)...

Thanks
Juraj
#3 Juraj on 2015-04-22 17:47 (Reply)
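The behaviour Juraj describes follows from what Address Sanitizer actually instruments: it poisons the redzones around each heap allocation, not the logical boundaries of a TLS record inside that allocation. A heartbeat over-read that stays within the (much larger) record buffer touches only unpoisoned bytes, so ASan stays silent; only a read that runs past the end of the allocation is reported. The program below is an added illustration, not code from the blog post or from OpenSSL. It models the heartbeat record layout (1-byte type, 2-byte length, payload, 16 bytes of padding), the vulnerable "trust the claimed length" logic beside the fixed length check, and ASan's allocation-boundary rule. The 17736-byte region size is taken from the ASan output quoted above; the record sitting at offset 0 of that region and the 4-byte "ping" payload are assumptions made for the example (in the real server the record sits further into the buffer, which is why the threshold observed above is 17709 rather than 17733).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the heartbeat record layout: type (1 byte),
 * payload length (2 bytes, big-endian), payload, then 16 bytes of padding.
 * REGION_LEN is the allocation size quoted in the ASan report above. */
#define HB_HEADER_LEN 3
#define HB_PADDING_LEN 16
#define REGION_LEN 17736
#define REAL_PAYLOAD_LEN 4      /* assumption: the record really carries "ping" */

/* Claimed payload length from the 2-byte big-endian field. */
static uint16_t hb_claimed_len(const unsigned char *rec)
{
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Vulnerable logic: the number of bytes copied back is whatever the peer
 * claims; the length of the record that actually arrived is never consulted. */
static size_t hb_vulnerable_copy_len(const unsigned char *rec, size_t rec_len)
{
    (void)rec_len;              /* ignored: this is the bug */
    return hb_claimed_len(rec);
}

/* Fixed logic: header + claimed payload + padding must fit inside the record. */
static int hb_fixed_accepts(const unsigned char *rec, size_t rec_len)
{
    size_t payload;
    if (rec_len < HB_HEADER_LEN + HB_PADDING_LEN)
        return 0;               /* too short to even hold the length field */
    payload = hb_claimed_len(rec);
    if (HB_HEADER_LEN + payload + HB_PADDING_LEN > rec_len)
        return 0;               /* claimed length exceeds what was received */
    return 1;
}

/* Model of ASan's heap check: only bytes outside the allocated region are
 * poisoned, so a read_len-byte read starting at read_off inside a
 * region_len-byte allocation is reported only if it leaves the region. */
static int asan_would_report(size_t region_len, size_t read_off, size_t read_len)
{
    return read_off + read_len > region_len;
}

/* Write a constructed heartbeat record with a 4-byte real payload but an
 * arbitrary claimed length at the start of buf. Returns the record length. */
static size_t build_record(unsigned char *buf, uint16_t claimed_len)
{
    static const unsigned char payload[REAL_PAYLOAD_LEN] = { 'p', 'i', 'n', 'g' };
    buf[0] = 1;                                   /* heartbeat_request */
    buf[1] = (unsigned char)(claimed_len >> 8);
    buf[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(buf + HB_HEADER_LEN, payload, sizeof payload);
    memset(buf + HB_HEADER_LEN + sizeof payload, 0, HB_PADDING_LEN);
    return HB_HEADER_LEN + sizeof payload + HB_PADDING_LEN;   /* 23 bytes */
}

/* Classify one claimed length:
 *   0 = the fixed check accepts it (honest request),
 *   1 = rejected by the fix, but the vulnerable over-read stays inside the
 *       allocation, so ASan would stay silent,
 *   2 = rejected by the fix, and the over-read leaves the allocation, so
 *       ASan would report a heap-buffer-overflow. */
static int classify(uint16_t claimed)
{
    unsigned char region[REGION_LEN];             /* stands in for the heap buffer */
    size_t rec_len = build_record(region, claimed);
    size_t copy = hb_vulnerable_copy_len(region, rec_len);
    if (hb_fixed_accepts(region, rec_len))
        return 0;
    return asan_would_report(REGION_LEN, HB_HEADER_LEN, copy) ? 2 : 1;
}

int main(void)
{
    static const uint16_t cases[] = { 4, 17709, 65535 };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("claimed=%5u -> class %d\n", cases[i], classify(cases[i]));
    return 0;
}
```

Running it prints class 0 for the honest 4-byte request, class 1 for 17709 (a 17 KB over-read that ASan's allocation-level check cannot see with the record at offset 0) and class 2 for 65535. The practical takeaway for fuzzing is the one Juraj is circling: ASan only helps once the read leaves the allocation, so a harness that wants to catch the bug at small lengths needs the record to sit in a tightly sized allocation, or an explicit length check such as hb_fixed_accepts in the parser itself.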

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.
