Null pointer dereference – new security bug for OpenSSL

99 points by openbsddesktop, about 11 years ago

7 comments

agl, about 11 years ago
Good to note that this was found with KLEE[1]. KLEE is good for symbolic execution of code and is very cool[2].

This only triggers a crash if you use RELEASE_BUFFERS (not the default) and a warning alert is written when the socket buffer is full. About the only case where a warning alert is generated is when a client attempts a renegotiation without the renegotiation extension (unless insecure renegotiation is allowed by the app). I've not been able to trigger the bug in a test because code generally stops reading once the socket buffer is full so you need the application to exactly fill the socket buffer (so that it doesn't get EAGAIN), then a warning alert can just exceed it.

[1] http://marc.info/?l=openssl-dev&m=139809493725682&w=2
[2] http://klee.github.io/klee/
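
A simplified model of the failure class discussed in this thread, added here as an example: a write buffer that a release-buffers mode frees, followed by a later write that assumes it is still allocated. It is not OpenSSL code or any commenter's code; every `model_*` name, the 64-byte size and the sample bytes are assumptions, and the guard in `model_write_record` has the shape of the patch lines quoted further down the thread.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model, NOT OpenSSL code: every model_* name is hypothetical. */
struct model_wbuf { unsigned char *buf; size_t len, used; };
struct model_conn {
    struct model_wbuf wb;
    int release_buffers;  /* stands in for the RELEASE_BUFFERS mode */
    int fail_alloc;       /* constructed knob: simulate allocation failure */
};

/* Allocate the write buffer; 1 on success, 0 on failure. */
static int model_setup_write_buffer(struct model_conn *c) {
    if (c->fail_alloc) return 0;
    c->wb.buf = malloc(64);   /* 64 is an arbitrary size for the model */
    c->wb.len = 64; c->wb.used = 0;
    return c->wb.buf != NULL;
}

/* Everything sent: in release-buffers mode the buffer is handed back. */
static void model_flush(struct model_conn *c) {
    c->wb.used = 0;
    if (c->release_buffers) {
        free(c->wb.buf);
        c->wb.buf = NULL;
    }
}

/* Queue one record; the guard mirrors the check quoted in the thread. */
static int model_write_record(struct model_conn *c, const void *rec, size_t n) {
    struct model_wbuf *wb = &c->wb;
    if (wb->buf == NULL) {
        if (!model_setup_write_buffer(c)) {
            return -1;
        }
    }
    if (n > wb->len - wb->used) return -1;  /* record does not fit */
    memcpy(wb->buf + wb->used, rec, n);     /* NULL write if guard removed */
    wb->used += n;
    return (int)n;
}

int main(void) {
    struct model_conn c = { .release_buffers = 1 };
    model_flush(&c);   /* idle connection: wb.buf is NULL here */
    int n = model_write_record(&c, "\x15\x03\x01", 3); /* constructed bytes */
    free(c.wb.buf);
    return n == 3 ? 0 : 1;
}
```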
eyeareque, about 11 years ago
Are there any write-ups for this yet? I can't find a CVE or anything on this one. No word from OpenSSL yet either.
ams6110, about 11 years ago
That patch is set up for a later bug to be introduced: no brackets on the if statements.

Instead of:

    + if (wb->buf == NULL)
    + if (!ssl3_setup_write_buffer(s))
    + return -1;

Why not:

    + if (wb->buf == NULL) {
    + if (!ssl3_setup_write_buffer(s)) {
    + return -1;
    + }
    + }
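
Review bot: the inner `if (!ssl3_setup_write_buffer(s))` hangs off the outer `if (wb->buf == NULL)` with no braces on either, so an `else` added later would bind to the inner test rather than to the NULL check. Folding both into one condition, `if (wb->buf == NULL && !ssl3_setup_write_buffer(s))`, with a braced `return -1;`, keeps the same behaviour with a single branch. The quoted lines also carry no comment saying when `wb->buf` can be NULL at this point; a one-line comment above the check would document that.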
protomyth, about 11 years ago
Like I said in the other thread on 5.5, make sure you update for the patches. http://www.openbsd.org/errata55.html

This one is listed on that page (bottom 005: SECURITY FIX: May 1, 2014).
openbsddesktop, about 11 years ago
You can thank the people that found the bug here:

http://www.openbsdfoundation.org/donations.html

http://www.openbsd.org/donations.html

http://www.openbsd.org/want.html
Qantourisc, about 11 years ago
Is it me or should code that has to be secure be written in more managed languages to prevent these mistakes? (But managed languages probably have other security issues I don't know about?)
ticktocktick, about 11 years ago
Are we better off using decoder rings and snail mail at this point?