1

A remotely exploitable OpenSSL/LibreSSL vulnerability

 2 years ago
source link: https://lwn.net/Articles/887970/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

A remotely exploitable OpenSSL/LibreSSL vulnerability

[Posted March 15, 2022 by corbet]
The OpenSSL project has disclosed a vulnerability wherein an attacker presenting a malicious certificate can cause the execution of an infinite loop. It is thus a denial-of-service vulnerability for any application — server or client — that handles certificates from untrusted sources. The OpenSSL 3.0.2 and 1.1.1n releases contain fixes for the problem. This advisory makes it clear that LibreSSL, too, suffers from this vulnerability; updated releases are available there too.
(Log in to post comments)

A remotely exploitable OpenSSL/LibreSSL vulnerability

Posted Mar 16, 2022 8:13 UTC (Wed) by rsidd (subscriber, #2582) [Link]

The LibreSSL announcement looks a bit... sparse. They could at least have linked to a more detailed advisory.

A remotely exploitable OpenSSL/LibreSSL vulnerability

Posted Mar 16, 2022 15:13 UTC (Wed) by kleptog (subscriber, #1183) [Link]

Near as I can tell it's deep in the EC magic.

https://github.com/openssl/openssl/commit/9eafb53614bf657...

It's not entirely clear how this could loop infinitely, since i is increasing. But if e=1 going into the loop and that's the only value for which BN_is_one() is going to return true, it could be going for a while until i loops around.

A remotely exploitable OpenSSL/LibreSSL vulnerability

Posted Mar 16, 2022 16:27 UTC (Wed) by tialaramex (subscriber, #21167) [Link]

I think it can loop infinitely because this is all happening inside a while(1) loop. If the conditions are impossible the loop never exits, it just pointlessly repeats the work forever.

It's all made much more confusing by the fact that so much of the control flow logic is goto. Errors? Goto. Success? Goto. Special cases: Goto. Why did we bother coming up with other control flows, clearly we should take a cue from the CPU and only have jumps...

A remotely exploitable OpenSSL/LibreSSL vulnerability

Posted Mar 16, 2022 17:15 UTC (Wed) by kleptog (subscriber, #1183) [Link]

Oh, right you have to look a level up.

On the plus side, the patch replaced one of the goto's with a break, so there's progress /s


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK