Finding Error Handling Bugs in OpenSSL using Coccinelle

Similar documents
Coccinelle: Bug Finding for the Linux Community

Inside the Mind of a Coccinelle Programmer

Aalborg Universitet. Published in: Science of Computer Programming. DOI (link to publication from Publisher): /j.scico

Coccinelle: Tool support for automated CERT C Secure Coding Standard certification

Coccigrep: a semantic grep for C language

Advanced SmPL: Finding Missing IS ERR tests

Coccinelle: Killing Driver Bugs Before They Hatch

Coccinelle: A Program Matching and Transformation Tool for Linux

Understanding the Genetic Makeup of Linux Device Drivers

Request for Comments: 7912 Category: Informational June 2016 ISSN:

Coccinelle. Julia Lawall (Inria/Irill/LIP6) August 19, 2015

Heartbleed Bug. Anthony Postiglione. Department of Electrical & Computer Engineering Missouri University of Science and Technology

Bachelor s Thesis : Finding Bugs in Open Source Software using Coccinelle

Linux for Safety Critical Applications: Hunting down bug patterns

Coccinelle: A Program Matching and Transformation Tool for Systems Code

SmPL: A Domain-Specic Language for Specifying Collateral Evolutions in Linux Device Drivers

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Towards Easing the Diagnosis of Bugs in OS Code

Documenting and Automating Collateral Evolutions in Linux Device Drivers

APISan: Sanitizing API Usages through Semantic Cross-checking

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Finding Vulnerabilities in Web Applications

Introduction to Coccinelle

On Designing a Target-Independent DSL for Safe OS Process Scheduling Components

Release note Tornaborate

SCHEME 8. 1 Introduction. 2 Primitives COMPUTER SCIENCE 61A. March 23, 2017

Coccinelle: Practical Program Transformation for the Linux Kernel. Julia Lawall (Inria/LIP6) June 25, 2018

Configuration Examples for the D-Link NetDefend Firewall series

3L: Learning Linux Logging (Extended Abstract for BENEVOL 15)

Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks

Most Common Security Threats (cont.)

Unit 6 - Software Design and Development LESSON 8 QUALITY ASSURANCE

Internet Engineering Task Force (IETF) Request for Comments: 5754 Updates: 3370 January 2010 Category: Standards Track ISSN:

AppGate 11.0 RELEASE NOTES

Security Improvements on Cast Iron

TSP Secure. Date: December 14, 2016 William Nichols Carnegie Mellon University

After you install WatchGuard XCS v10.2, make sure you install any additional software updates available for this release.

Ahead of Time Static Analysis for Automatic Generation of Debugging Interfaces to the Linux Kernel

Brocade will no longer provide security updates as End of Life (EOL) was January 18, 2013.

Control Structures. CIS 118 Intro to LINUX

a. The following method would allow an object of the static type List<String> to be passed to it as an argument.

Faults in Linux 2.6. Nicolas Palix, Gaël Thomas, Suman Saha, Christophe Calvès, Gilles Muller, Julia L. Lawall. To cite this version:

SSL/TLS Vulnerability Detection Using Black Box Approach

Brocade FOS Release v6.2.2f9 Internal Content Notes

A look at the PGP keyserver data

Any questions please contact

Implementing a VSOP Compiler. March 20, 2018

Compiler-Agnostic Function Detection in Binaries

Static Analysis of C++ Projects with CodeSonar

MQ Jumping... Or, move to the front of the queue, pass go and collect 200

CIS192 Python Programming

How to Configure SSL Interception in the Firewall

Install the ExtraHop session key forwarder on a Windows server

Increasing Automation in the Backporting of Linux Drivers Using Coccinelle

Precise and Accurate Patch Presence Test for Binaries

Install the ExtraHop session key forwarder on a Windows server

Alternative Exploitation Vectors

CS 61B Discussion 5: Inheritance II Fall 2014

Coccinelle Usage (version 0.1.7)

CONFIGURATION MANUAL. English version

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

A Study of Linux File System Evolution

for Compound Authentication

Applications. Cloud. See voting example (DC Internet voting pilot) Select * from userinfo WHERE id = %%% (variable)

Install the ExtraHop session key forwarder on a Windows server

6.184 Lecture 4. Interpretation. Tweaked by Ben Vandiver Compiled by Mike Phillips Original material by Eric Grimson

Towards Automatic Generation of Vulnerability- Based Signatures

Network Security Platform 8.1

Cryptography for Software and Web Developers

How Double-Fetch Situations turn into Double-Fetch Vulnerabilities:

Oracle Utilities Application Framework

Python Essential Reference, Second Edition - Chapter 5: Control Flow Page 1 of 8

C ISPA. Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification

PlatPal: Detecting Malicious Documents with Platform Diversity

Topics. Introduction to Repetition Structures Often have to write code that performs the same task multiple times. Controlled Loop

Release Notes BootROM Application SoundPoint IP, SoundStation IP and VVX TM

Findings for

6.037 Lecture 4. Interpretation. What is an interpreter? Why do we need an interpreter? Stages of an interpreter. Role of each part of the interpreter

16-Dec-10. Consider the following method:

Prequel: A Patch-Like Query Language for Commit History Search

Making Use of the Subliminal Channel in DSA

Overview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.

UNIVERSITY OF TARTU FACULTY OF SCIENCE AND TECHNOLOGY INSTITUTE OF COMPUTER SCIENCE INFORMATICS. CVE Hiie-Helen Raju

OWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis

MRG Effitas Trapmine Exploit Test

Libgdb. Version 0.3 Oct Thomas Lord

6. Operatoren. 7. Safe Programming: Assertions. Table of Operators. Table of Operators - Explanations. Tabular overview of all relevant operators

News and information! Review: Java Programs! Feedback after Lecture 2! Dead-lines for the first two lab assignment have been posted.!

Release Notes for Epilog for Windows Release Notes for Epilog for Windows v1.7

Satisfying CC Cryptography Requirements through CAVP/CMVP Certifications. International Crypto Module Conference May 19, 2017

Automatically Detecting Error Handling Bugs using Error Specifications

This manual is for Libffi, a portable foreign-function interface library. Copyright c 2008, 2010, 2011 Red Hat, Inc. Permission is granted to copy,

DreamFactory Security Guide

Common LISP Tutorial 1 (Basic)

Ruby: Introduction, Basics

CSE 341 Section 7. Eric Mullen Spring Adapted from slides by Nicholas Shahan, Dan Grossman, and Tam Dang

Pluggable Rule Engine Architecture

Looking at the big picture on. vulnerabilities. Network Resonance, Inc. Eric Rescorla

SOURCEFIRE SSL APPLIANCE RELEASE NOTES

ID: Sample Name: fonttable.xml Cookbook: defaultandroidfilecookbook.jbs Time: 05:14:58 Date: 27/04/2018 Version:

Transcription:

1 Finding Error Handling Bugs in OpenSSL using Coccinelle (Practical Experience Report) Julia Lawall (University of Copenhagen/INRIA-Regal) Ben Laurie (Google), René Rydhof Hansen (Aalborg University), Nicolas Palix (University of Copenhagen), Gilles Muller (INRIA-Regal)

2 Context: Error handling in C code The C language doesn t provide any error handling abstractions Convention 1: 1 indicates success, 0 indicates failure. Convention 2: 0 indicates success, -n indicates failure. OpenSSL Toolkit for implementing secure network communication. Some OpenSSL functions return both 0 and -n on failure.

3 Problem 1 CVE-2008-5077 (January 2009) OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. Example: if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) { /* bad signature */ al=ssl_ad_decrypt_error; SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); goto f_err; } But: EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some other error occurred.

Problem 2 CVE-2009-0591 (March 2009) The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. Example: if (!CMS_SignerInfo_verify_content(si, cmsbio)) { CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR); goto err; } CMS_SignerInfo_verify_content() also returns 1, 0, or -1

5 Do similar bugs occur elsewhere? Bugs in the CVE functions were fixed. Are there others? Potential bug-finding methodology Find functions that return both 0 and negative values in error cases. Find uses of these functions that only test for 0. Issues OpenSSL-1.0.0-stable-SNAP-20090911 contains almost 250 000 lines of C code and almost 6000 functions. Potentially many such functions and call sites, so automation is needed.

6 Our technology: Coccinelle Features: Code-like notation for expressing searches. Patch features for expressing transformations (Semantic Patches). Isomorphisms for handling syntactic variations. @@ expression list args; @@ -!EVP_VerifyFinal(args) + EVP_VerifyFinal(args) <= 0 @@ expression list args; @@ -!CMS_SignerInfo_verify_content(args) + CMS_SignerInfo_verify_content(args) <= 0 Problem: All function names must be known.

7 An iterative process, developed for Linux [DSN 2009] Define a semantic patch to find functions having some property Define a semantic patch template to find bugs in the use of an arbitrary function Then, apply these semantic patches to the code base

8 An iterative process, developed for Linux [DSN 2009] Define a semantic patch to find functions having some property A function that returns a negative constant directly. A function that stores a negative constant in a variable and returns that variable. A function that checks that a variable is negative and returns that variable. Define a semantic patch template to find bugs in the use of an arbitrary function Then, apply these semantic patches to the code base

9 An iterative process, developed for Linux [DSN 2009] Define a semantic patch to find functions having some property Define a semantic patch template to find bugs in the use of an arbitrary function Code that only checks whether the result is 0, not whether it is negative. Then, apply these semantic patches to the code base

10 An iterative process, developed for Linux [DSN 2009] Define a semantic patch to find functions having some property Define a semantic patch template to find bugs in the use of an arbitrary function Then, apply these semantic patches to the code base Run the first semantic patch on the code base to collect a list of function names. Instantiate the semantic patch template for each collected function. Run the instantiated semantic patches on the code base to find and fix the bugs.

11 An iterative process, developed for Linux [DSN 2009] Protocol Finding Semantic Patch Bug Finding Semantic Patch Template i Project (e.g. OpenSSL) Search Collected Info Instantiate BugSP i ' i ' BugSP i '' i '' BugSP i ''' i ''' MakeBugReport Bug Report

Results 387 functions of the three types identified @@ expression list args; identifier virtual.fn; @@ - (FN(args)) == 0 + FN(args) <= 0 @@ expression list args; identifier virtual.fn; @@ - (FN(args))!= 0 + FN(args) > 0 @match@ expression x, E; constant C; identifier virtual.fn; position p; @@ x@p = FN(...) <+... when!= x <= ( 0 -C ) when!= x < ( 0 -C ) when!= ( x > 0 x == -C ) ( x!= 0 x == 0 )...+> ( return...; x = E ) Bugs: 26 False positives: 20 Unknown: 3 Files: 30 Bugs: 6 False positives: 14 Unknown: 2 Files: 19

13 Bug history Defects EVP_VerifyFinal dtls1_retrieve_buffered_fragment get_cert_chain X509_verify_cert X509_verify_cert X509_verify_cert EVP_VerifyFinal ocsp_check_issuer asn1_check_tlen asn1_check_tlen asn1_template_noexp_d2i asn1_cb asn1_cb X509_verify_cert X509_check_purpose X509_STORE_get_by_subject X509_check_purpose UI_UTIL_read_pw UI_UTIL_read_pw SSLStateMachine_read_extract RAND_bytes EVP_SealInit BIO_ctrl 2006 2007 2008 2009 next Versions/Date

Issues OpenSSL-specific macros STACK_OF(SSL_COMP) *sk; is not valid C. Solution: Configure Coccinelle to ignore STACK_OF (4 problematic macros in all) Functions using 0 for success Some functions return 0 for success and negative values for failure. Solution: Filter out functions that never return positive values.

15 Issues Comparison functions Some functions return -1 for <, 0 for =, and 1 for > Solution: Filter out function names ending in cmp. Value dependencies Function arguments may control whether a negative result is possible. if ((a!= NULL) && (sk_num(a)!= 0)) M_ASN1_I2D_put_SET(a,f); Solution: Manual inspection. Potential solution: Data flow analysis (integration with Clang).

16 Conclusions Our technique that was developed for Linux code has been shown useful for (user-level) OpenSSL code too. Different projects have different conventions, bug histories and bug profiles. Our previous efforts with OpenSSL found few bugs, and those found did not interest the OpenSSL community. Bug-finding requires project-specific expertise. Automated bug-finding tools must be easily adaptable by the user. Coccinelle can meet this challenge. http://coccinelle.lip6.fr/

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback