A serious security bug... caused by no bounds checking.

Marco Leise Marco.Leise at gmx.de
Wed Apr 9 05:40:04 PDT 2014


On Mon, 07 Apr 2014 23:28:02 +0000,
"w0rp" <devw0rp at gmail.com> wrote:

> http://heartbleed.com/
> 
> This bug has been getting around. The bug was caused by missing 
> bounds checking.
> 
> I'm glad to be using a language with bounds checking.

Sorry, but wasn't this security risk instead caused by
uninitialized memory, and shouldn't you instead have said:

"I'm glad to be using a language with default initialization?"


(The attacker could request a larger packet size than required
for the requested data and malloc() doesn't zero out the rest
of the memory block, possibly containing sensitive data.)

In an article I read that malloc implementations using mmap
are more seriously affected, since that memory can come from
anywhere whereas the sbrk version is usually reusing memory
from the calling process.
I didn't understand that, since mmap on Linux returns zeroed
out pages. Process isolation is actually pretty good.
And frankly, had the OpenSSH developers replaced the m with c
in malloc, they could have avoided a lot of trouble as well.
But as it goes with such low-level libraries, performance is
very important to put load off servers for what is today seen
as a normal part of the network stack. I don't think any of
these calls for "safer languages" will change that the
developers want to win in those throughput benchmarks with
their implementation and keep using unsafe functions.

-- 
Marco
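The bounds check the thread is about, as an added example that is not part of the original post and not OpenSSL's code: a minimal RFC 6520 heartbeat handler that discards a request whose declared payload length is not covered by the bytes actually received, exercised on two constructed requests. The HB_* names, hb_build_response and the example_* functions are assumptions made for this illustration.

```c
#include <stdint.h>
#include <string.h>

/* RFC 6520 heartbeat: 1-byte type, 2-byte big-endian payload_length,
 * payload, then at least 16 bytes of padding. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

/* Build the response to a request of rec_len received bytes; returns its
 * length, or -1 to discard. The rec_len test is the missing bounds check:
 * without it, memcpy reads past the request into whatever memory follows. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 || rec[0] != HB_REQUEST)
        return -1;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    size_t resp_len = 1 + 2 + payload + HB_PADDING;
    if (resp_len > rec_len || resp_len > out_cap)  /* RFC 6520: silently discard */
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);         /* echo only what was received */
    memset(out + 3 + payload, 0, HB_PADDING);  /* real TLS uses random padding */
    return (int)resp_len;
}

/* Constructed 24-byte request: payload_length 5, "hello", 16 bytes padding. */
static const uint8_t good_req[24] = { HB_REQUEST, 0x00, 0x05, 'h','e','l','l','o' };
/* Same 24 bytes on the wire, but the header claims a 65535-byte payload. */
static const uint8_t bad_req[24] = { HB_REQUEST, 0xFF, 0xFF, 'h','e','l','l','o' };

/* Returns 24 (the response length) when the echo is correct, -2 otherwise. */
int example_well_formed(void)
{
    uint8_t out[64];
    int n = hb_build_response(good_req, sizeof good_req, out, sizeof out);
    return (n == 24 && out[0] == HB_RESPONSE && !memcmp(out + 3, "hello", 5)) ? n : -2;
}

/* Returns -1: the oversized length is rejected before anything is copied. */
int example_oversized_length(void)
{
    uint8_t out[64];
    return hb_build_response(bad_req, sizeof bad_req, out, sizeof out);
}
```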
