I was reading some openssl source code, in particular the x86 assembly
language files (which accelerate some crypto operations), and I find
many cases where data tables are intentionally inserted into text (code)
segments, and those tables include the byte value 0xC3.

By intentional, I mean there's a comment, don't let me judge the tone of it:

&set_label("AES_Td",64);        # Yes! I keep it in the code segment!

And then a little bit later (these macros expand to placing .long into
the .text segment)

        &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a);
                                              ^^
It doesn't do it once.  It does it nearly a hundred times.

Here's another:

        &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b);
                            ^^
Can I do anything dangerous with that byte?

Does anyone on the internet know if a C3 byte in the code segment of a
program is safe?

I am very curious (if anyone knows..)

I did not look carefully for other specific byte sequences in code
which carry potential danger.

Far be it from me to suggest that the security experts over there in
OpenSSL land are unaware of modern exploitation methods!  Very far from
that, very very far.

Surely I am wrong, all these bytes must be very very safe, these
numerous 0xc3 bytes (and the bytes preceding them) must have been
reviewed repeatedly very carefully by the developers paid with the money
they received after their heartbleed error -- to make sure these
specific 0xc3 "instructions" (and the "instructions" preceding them)
are safe.

Please let me know, I want to sleep better at night.

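Added example, not part of the original post and not OpenSSL code: an audit check that lays out the two quoted table rows as little-endian `.long` data, as they would sit in `.text` on x86, and reports each return-opcode byte with the bytes that precede it in memory. The function names are hypothetical, and checking 0xC2, 0xCB and 0xCA alongside the 0xC3 the post names is an addition here.

```python
import struct

# x86 return opcodes. The post names only 0xC3; the other three
# (ret imm16, retf, retf imm16) are added by this example.
RET_OPCODES = {0xC3: "ret", 0xC2: "ret imm16", 0xCB: "retf", 0xCA: "retf imm16"}

# The two table rows quoted in the post.
ROWS = [
    (0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a),
    (0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b),
]

def emit_longs(rows):
    """Serialize rows the way .long does on little-endian x86."""
    return b"".join(struct.pack("<4I", *row) for row in rows)

def find_return_bytes(blob, context=3):
    """Return (offset, word_index, mnemonic, preceding_bytes_hex) per hit."""
    hits = []
    for off, byte in enumerate(blob):
        if byte in RET_OPCODES:
            # Preceding bytes are taken in memory order, so they can
            # come from the previous table word, not the same one.
            before = blob[max(0, off - context):off]
            hits.append((off, off // 4, RET_OPCODES[byte], before.hex()))
    return hits

def audit(rows):
    """Summarize the return-opcode bytes a table would place in .text."""
    blob = emit_longs(rows)
    hits = find_return_bytes(blob)
    return {"bytes": len(blob), "hits": hits,
            "c3_count": sum(1 for h in hits if h[2] == "ret")}

if __name__ == "__main__":
    report = audit(ROWS)
    for off, word, name, before in report["hits"]:
        print(f"offset {off:#04x} word {word}: {name:10s} preceded by {before}")
    print(f"{report['c3_count']} C3 bytes in {report['bytes']} table bytes")
```

Because of the little-endian layout, the C3 in `0x02752fc3` is the first byte of that word in memory, so the bytes ahead of it belong to the previous table entry. A table placed in a non-executable read-only data section would not show up in such a check of `.text` at all.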