Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-14 Thread Matthias Apitz

some nice pictures how the bug works: http://www.xkcd.com/1354/

HIH

matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 17:43, Matthias Apitz g...@unixarea.de wrote:

 El día Wednesday, April 09, 2014 a las 01:05:22AM -0700, monloi perez 
 escribió:
 
 True. Thanks for the quick reply.
 
 
 On Wednesday, April 9, 2014 3:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk 
 wrote:
 
 https://www.openssl.org/news/changelog.html
 
 1.0.1 introduced the heartbeat support.
 
 1.0.0 and earlier are fortunate in that they didnt have it.but then they 
 didnt have things to stop you from being BEASTed so some you win, some you 
 lose. ;)
 
 alan
 
 Hello,
 
 As you can read in the above change log, heartbeat support was
 introduced in version 1.0.1 of openssl. Does this mean that also the bug
 was introduced with this version in March 2012, or was it later?
As the security advisory states, the bug showed up in version 1.0.1
released in March 2012.
 
 What is the exact bug, can someone show a svn/git diff of the first
 source version having the bug?
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
 
 Is it possible that the bug was introduced with intention (to make
 use of it later)?
 
 Here in Germany in the news we have rumor, that the bug was used by NSA,
 of course the American Goverment says no.
I have read the rumor. It is wrong. I was Robins boss at the time he
did the work, he worked in my lab. Neither me personally nor my lab at the 
university
had any cooperations with any security agency (from any country).
Robin worked on the OpenSSL code for multiple years. During his work with the 
DTLS
code, he fixed a lot of bugs in that code and implemented some features,
like the support of RFC 6520. He worked in the public, all his patches were 
submitted
with his name. The intention was to improve OpenSSL, not to introduce bugs.
Unfortunately, the patch above contained a bug which wasn't catched,
neither by Robin, nor by the reviewers, nor by the people using the stack.
It is a bug. A bug with a huge impact. Nothing more. Nothing less.

Best regards
Michael Tüxen
 
 Thanks
 
   matthias
 
 -- 
 Matthias Apitz   |  /\   ASCII Ribbon Campaign:
 E-mail: g...@unixarea.de |  \ /   - No HTML/RTF in E-mail
 WWW: http://www.unixarea.de/ |   X- No proprietary attachments
 phone: +49-170-4527211   |  / \   - Respect for open standards
 | en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
El día Saturday, April 12, 2014 a las 09:08:15PM +0200, Michael Tuexen escribió:

  What is the exact bug, can someone show a svn/git diff of the first
  source version having the bug?
 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
  

Hi,

Thanks for the git diff (and the other statements). Could you please be
so kind and point to the exact place of the offending statement (or
missing boundary check) in the 19 *.[ch] files? I only want (as a C
programmer) to get my own impression of the nature of the issue. Thanks

matthias

-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 21:30, Matthias Apitz g...@unixarea.de wrote:

 El día Saturday, April 12, 2014 a las 09:08:15PM +0200, Michael Tuexen 
 escribió:
 
 What is the exact bug, can someone show a svn/git diff of the first
 source version having the bug?
 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
 
 
 Hi,
 
 Thanks for the git diff (and the other statements). Could you please be
 so kind and point to the exact place of the offending statement (or
 missing boundary check) in the 19 *.[ch] files? I only want (as a C
 programmer) to get my own impression of the nature of the issue. Thanks
Here is the commit of the fix:
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=731f431497f463f3a2a97236fe0187b11c44aead

Best regards
Michael
 
   matthias
 
 -- 
 Sent from my FreeBSD netbook
 
 Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
 UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
 UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
El día Saturday, April 12, 2014 a las 09:30:22PM +0200, Matthias Apitz escribió:

 El día Saturday, April 12, 2014 a las 09:08:15PM +0200, Michael Tuexen 
 escribió:
 
   What is the exact bug, can someone show a svn/git diff of the first
   source version having the bug?
  http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
   
 
 Hi,
 
 Thanks for the git diff (and the other statements). Could you please be
 so kind and point to the exact place of the offending statement (or
 missing boundary check) in the 19 *.[ch] files? I only want (as a C
 programmer) to get my own impression of the nature of the issue. Thanks

ah, I see it in ssl/d1_both.c, the memcpy for the payload is done
regardless if payload length and payload fit; forget my request.

Thx

matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Smith

On Apr 12, 2014, at 3:08 PM, Michael Tuexen michael.tue...@lurchi.franken.de 
wrote:
  
 I have read the rumor. It is wrong. 

Introduced with intent vs. known to the NSA -- two 
different things, right? 

I don't have any direct knowledge of what goes on in the 
NSA, but if they don't have a whole cubicle farm full 
of people looking for vulnerabilities, I'd be surprised. 
OpenSSL would be an obvious high-value target for scrutiny 
just because of its ubiquity. 



__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Jan Danielsson
On 12/04/14 21:30, Matthias Apitz wrote:
 http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
 
 Thanks for the git diff (and the other statements). Could you please be
 so kind and point to the exact place of the offending statement (or
 missing boundary check) in the 19 *.[ch] files? I only want (as a C
 programmer) to get my own impression of the nature of the issue. Thanks

   Check ssl/d1_both.c

   /Jan
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
El día Saturday, April 12, 2014 a las 03:43:29PM -0400, Michael Smith escribió:

 
 On Apr 12, 2014, at 3:08 PM, Michael Tuexen 
 michael.tue...@lurchi.franken.de wrote:
   
  I have read the rumor. It is wrong. 
 
 Introduced with intent vs. known to the NSA -- two 
 different things, right? 
 
 I don't have any direct knowledge of what goes on in the 
 NSA, but if they don't have a whole cubicle farm full 
 of people looking for vulnerabilities, I'd be surprised. 
 OpenSSL would be an obvious high-value target for scrutiny 
 just because of its ubiquity. 

agreed; and this bug wasn't hard to see (even for me, sitting in a
restaurant with a netbook); in my company we do code review face to
face, i.e. two persons (the coder and the reviewer) wade through the new
code; one target of always questioning are copies in memory: do the
amount of data fit into target location and is the source amount a valid
space...

matthias

-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Matthias Apitz
El día Saturday, April 12, 2014 a las 03:43:29PM -0400, Michael Smith escribió:

 
 On Apr 12, 2014, at 3:08 PM, Michael Tuexen 
 michael.tue...@lurchi.franken.de wrote:
   
  I have read the rumor. It is wrong. 
 
 Introduced with intent vs. known to the NSA -- two 
 different things, right? 
 
 I don't have any direct knowledge of what goes on in the 
 NSA, but if they don't have a whole cubicle farm full 
 of people looking for vulnerabilities, I'd be surprised. 
 OpenSSL would be an obvious high-value target for scrutiny 
 just because of its ubiquity. 

and one comment more: the bug works in both directions; when a client
with an openssl lib/DLL with this bug connects to a well prepared SSL server,
the server can fetch up to 64 kbyte of memory from the client, for example the
stored saved passwords in your browser...

matthias
-- 
Sent from my FreeBSD netbook

Matthias Apitz, g...@unixarea.de, http://www.unixarea.de/ f: +49-170-4527211
UNIX since V7 on PDP-11, UNIX on mainframe since ESER 1055 (IBM /370)
UNIX on x86 since SVR4.2 UnixWare 2.1.2, FreeBSD since 2.2.5
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Tuexen
On 12 Apr 2014, at 21:43, Michael Smith m...@smithbowen.net wrote:

 
 On Apr 12, 2014, at 3:08 PM, Michael Tuexen 
 michael.tue...@lurchi.franken.de wrote:
 
 I have read the rumor. It is wrong. 
 
 Introduced with intent vs. known to the NSA -- two 
 different things, right? 
My statement was referring to the Introduced with intend.

I personally don't know anything about known to the NSA.

Best regards
Michael
 
 I don't have any direct knowledge of what goes on in the 
 NSA, but if they don't have a whole cubicle farm full 
 of people looking for vulnerabilities, I'd be surprised. 
 OpenSSL would be an obvious high-value target for scrutiny 
 just because of its ubiquity. 
 
 
 
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org
 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: the nature of the heartbeat issue (was Re: OpenSSL Security Advisory)

2014-04-12 Thread Michael Smith

On Apr 12, 2014, at 5:40 PM, Michael Tuexen michael.tue...@lurchi.franken.de 
wrote:
  
 Introduced with intent vs. known to the NSA -- two 
 different things, right? 
 My statement was referring to the Introduced with intend.

Understood. I'm personally quite sure it *wasn't* introduced 
with intent, which is why I thought it was important to 
note the distinction.  

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org