Good to note that this was found with KLEE[1]. KLEE is a good for symbolic execution of code and is very cool[2].

This only triggers a crash if you use RELEASE_BUFFERS (not the default) and a warning alert is written when the socket buffer is full. About the only case where a warning alert is generated is when a client attempts a renegotiation without the renegotiation extension (unless insecure renegotiation is allowed by the app). I've not been able to trigger the bug in a test because code generally stops reading once the socket buffer is full so you need the application to exactly fill the socket buffer (so that it doesn't get EAGAIN), then a warning alert can just exceed it.

[1] http://marc.info/?l=openssl-dev&m=139809493725682&w=2 [2] http://klee.github.io/klee/

KLEE is ok on small programs but has a lot of limitation with real world programs (using libraries mostly) at least according to a USENIX paper last year: https://www.usenix.org/conference/cset13/workshop-program/pr...

How does what you say square with the evidence that klee found a bug in OpenSSL which is about as real world as it gets?

KLEE is very interesting! I am looking into it for improving tests on some of my company's small-but-tricky functions.

Here is an example of its power and how to use it: http://feliam.wordpress.com/2010/10/07/the-symbolic-maze/

Are there any write ups for this yet? I can't find a CVE or anything on this one. No word from OpenSSL yet either.

This shouldn't be exploitable on modern linux machines due to https://wiki.debian.org/mmap_min_addr

Who knows for embedded devices.

It wouldn't be exploitable even without that, due to it being a userland dereference. The mmap 0 trick really only applies to kernel exploits. If you're in a position to mmap anything, you can already execute code.

That patch is set up for a later bug to be introduced: no brackets on the if statements.

Instead of:

  +		if (wb->buf == NULL)
  +			if (!ssl3_setup_write_buffer(s))
  +				return -1;

Why not:

  +		if (wb->buf == NULL) {
  +			if (!ssl3_setup_write_buffer(s)) {
  +				return -1;
  +			}
  +		}

This is OpenBSD Kernel Normal Form (http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9).

Disagree you may, but it's consistent with their self-imposed guidelines.

Sort of. They say only if it's a single line that it's not allowed. If there are multiple lines it's "permitted."

So technically, this is still OK, but they are allowed to use braces when there are multiple lines. (the if and the return) They have an example in that link that covers this as a permitted case, but as you say, it's OK and consistent, but that doesn't make it good :)

or

  if ((wb->buf == NULL) && !ssl3_setup_write_buffer(s)) {
     return -1;
  }

this is getting boring. ever time a patch using no parentheses shows up there is that comment. if all your code uses that style you get used to it. feel free to show evidence of openbsd making that mistake once! (there might have been those, but i am sure it's going to be very hard to find).

Perhaps you need to consider the bigger picture. The biggest part of being a programmer is not in how many characters we write but in how we are able to know and understand abstract concepts.

If writing defensively by always putting braces around if statements means we no longer have to consider the possibility of a fall through error, then that saves mental processing for you and more importantly for lesser programmers.

Like I said in the other thread on 5.5, make sure you update for the patches. http://www.openbsd.org/errata55.html

This one is listed on that page (bottom 005: SECURITY FIX: May 1, 2014).

I think they are sending out e-mails about new patches.

It's a worthy cause, but please don't repeatedly post these comments. Neither fundraising campaigns nor single-purpose accounts are appropriate in HN threads.

Wow, all your comments are about donating to OpenBSD.

Is it me or should code that has to be secure be written in more manage languages to prevent these mistake ? (But managed languages probably have other security issues I don't know about ?)

If OpenSSL was written in a managed language, someone would need it in an environment a managed language wasn't suitable for, and end up porting it to C.

Managed languages is one way to go, but they are not really appropriate for performance critical libraries like OpenSSL in my book. You can get safety without being managed in modern languages if the compiler does the safety proving for you (e.g. rustlang).

Managed languages are very susceptible to timing attacks.

For all clarity I meant like C++, ObjC, or others; any language that allows you to create things that enforce consistency during compile or runtime. (Like shared pointer and array containers.) Probably used the wrong terminology here.

It is probably safer yes. But quite inconvenient.