Sunday, April 13, 2014

Heartbleed Bug - Dumb coding mistake brings Internet to its knees

Listen to the heartbeat
Heartbeat is a TLS extension (RFC 6520) that either end of an already established encrypted connection can use to check that the other end is still alive, and it is what gives the bug its awesomely terrifying name. A heartbeat is a small message carrying an arbitrary payload plus a length field that says how long that payload is; the receiver is supposed to echo the same payload straight back.
The client (that's you) sends its heartbeat to the server (your bank, say), and the server hands it right back. If the echo never comes (because, say, the other machine has gone away) the sender knows the connection is dead. It works in the other direction too, which is why a malicious server could also bleed a vulnerable client.
When the heartbleed starts
The actual bug that brought the internet to its knees lives in this one line of OpenSSL's heartbeat handler (ssl/t1_lib.c for TLS, ssl/d1_both.c for DTLS), where 'payload' is the length field read out of the incoming request:

memcpy(bp, pl, payload);
[The above is C, from OpenSSL 1.0.1 through 1.0.1f (CVE-2014-0160).]

The function 'memcpy' copies 'payload' bytes starting at 'pl' into 'bp'. Here 'pl' points at the payload of the heartbeat request the server has just received, 'bp' points into the response buffer the server is building, and 'payload' is the length field the sender wrote into the request. The server then sends that response buffer back, so ideally what comes back is exactly the data that went in. The server could be your bank's server if a heartbeat is exchanged while you are performing a banking transaction.

But suppose the caller lies: the request's length field claims the payload is 64KB (65535 bytes, the most the 16-bit field can express) while the record actually delivered is only a few bytes long. The server never compared 'payload' with the size of the record it really received, so memcpy happily reads 64KB starting at 'pl', runs past the end of the short request into whatever else happens to sit next to it in the server's memory, and sends all of it back. That could be session cookies, user IDs, passwords, or even the server's private key: a goldmine for an attacker, repeatable as often as they like, and it leaves nothing in the logs. The fix (OpenSSL 1.0.1g) is to check that the claimed 'payload', plus the header and padding, fits inside the record actually received, and to silently discard the heartbeat if it does not.
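To make the over-read concrete, here is an added example (written for this post, not OpenSSL's code) that models the heartbeat handler around the memcpy line above. It keeps the RFC 6520 record layout (1 byte type, 2 byte big-endian length, payload, 16 bytes padding) and the variable names 'bp', 'pl' and 'payload', but the buffer names, the stand-in heap, and the "secret" string placed next to the request are constructed for the demo. The over-read stays inside the constructed heap array so the program is well defined; on a real server it walks into neighbouring allocations.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSSL's code: a reduced model of the TLS heartbeat
 * handler.  Record layout follows RFC 6520; everything else is constructed. */

#define TLS1_HB_REQUEST   1
#define TLS1_HB_RESPONSE  2
#define HB_PADDING        16
#define HB_MAX_PAYLOAD    65535

/* Constructed stand-in for the server heap: the received record sits at the
 * start, and "other allocations" (here, a secret string) follow it. */
#define FAKE_HEAP_SIZE    (HB_MAX_PAYLOAD + 256)
#define RESPONSE_CAP      (1 + 2 + HB_MAX_PAYLOAD + HB_PADDING)

static unsigned char fake_heap[FAKE_HEAP_SIZE];
static unsigned char response[RESPONSE_CAP];
static const char secret[] = "session=4b1f...; user=alice";   /* constructed neighbour data */

typedef size_t (*hb_handler)(const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap);

/* Build a heartbeat request whose length field may lie about the payload. */
static size_t build_request(unsigned char *buf, uint16_t claimed_len,
                            const void *payload, size_t actual_len)
{
    buf[0] = TLS1_HB_REQUEST;
    buf[1] = (unsigned char)(claimed_len >> 8);
    buf[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(buf + 3, payload, actual_len);
    memset(buf + 3 + actual_len, 0, HB_PADDING);
    return 3 + actual_len + HB_PADDING;
}

/* Pre-1.0.1g logic: the length read from the sender's record is used as the
 * memcpy size without ever comparing it to how many bytes actually arrived. */
static size_t vulnerable_handler(const unsigned char *p, size_t rec_len,
                                 unsigned char *out, size_t out_cap)
{
    (void)rec_len;                               /* never consulted: that is the bug */
    if (p[0] != TLS1_HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((p[1] << 8) | p[2]);
    const unsigned char *pl = p + 3;             /* start of the received payload */
    if (out_cap < 3 + (size_t)payload + HB_PADDING) return 0;
    unsigned char *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, pl, payload);                     /* the line from the post: reads past the record */
    bp += payload;
    memset(bp, 0, HB_PADDING);
    return 3 + (size_t)payload + HB_PADDING;
}

/* 1.0.1g logic: discard the record unless header + claimed payload + padding
 * fits inside the bytes that were actually received. */
static size_t fixed_handler(const unsigned char *p, size_t rec_len,
                            unsigned char *out, size_t out_cap)
{
    if (rec_len < 3 + HB_PADDING) return 0;                     /* silently discard */
    if (p[0] != TLS1_HB_REQUEST) return 0;
    uint16_t payload = (uint16_t)((p[1] << 8) | p[2]);
    if (3 + (size_t)payload + HB_PADDING > rec_len) return 0;   /* the fix */
    const unsigned char *pl = p + 3;
    if (out_cap < 3 + (size_t)payload + HB_PADDING) return 0;
    unsigned char *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    *bp++ = (unsigned char)(payload >> 8);
    *bp++ = (unsigned char)(payload & 0xff);
    memcpy(bp, pl, payload);                     /* now bounded by what was received */
    bp += payload;
    memset(bp, 0, HB_PADDING);
    return 3 + (size_t)payload + HB_PADDING;
}

/* Send a request that claims 65535 payload bytes but carries two, with the
 * secret placed right after the record.  Returns how many bytes of the secret
 * came back in the response. */
static size_t leaked_secret_bytes(hb_handler handler)
{
    memset(fake_heap, 0, sizeof fake_heap);
    memset(response, 0, sizeof response);
    size_t rec_len = build_request(fake_heap, HB_MAX_PAYLOAD, "hi", 2);
    memcpy(fake_heap + rec_len, secret, sizeof secret - 1);
    size_t n = handler(fake_heap, rec_len, response, sizeof response);
    if (n == 0) return 0;
    /* response[3 + j] mirrors fake_heap[3 + j], so the secret lands at offset rec_len */
    size_t leaked = 0;
    for (size_t i = 0; i < sizeof secret - 1 && rec_len + i < n; i++)
        if (response[rec_len + i] == (unsigned char)secret[i]) leaked++;
    return leaked;
}

/* A well-formed request must still be echoed by both handlers. */
static int echoes_honest_request(hb_handler handler)
{
    memset(fake_heap, 0, sizeof fake_heap);
    size_t rec_len = build_request(fake_heap, 5, "hello", 5);
    size_t n = handler(fake_heap, rec_len, response, sizeof response);
    return n == rec_len && response[0] == TLS1_HB_RESPONSE
        && memcmp(response + 3, "hello", 5) == 0;
}

int main(void)
{
    printf("vulnerable handler leaked %zu of %zu secret bytes\n",
           leaked_secret_bytes(vulnerable_handler), strlen(secret));
    printf("fixed handler leaked %zu secret bytes\n",
           leaked_secret_bytes(fixed_handler));
    printf("honest echo: vulnerable=%d fixed=%d\n",
           echoes_honest_request(vulnerable_handler),
           echoes_honest_request(fixed_handler));
    return 0;
}
```

The only difference between the two handlers is the single comparison of 'payload' against 'rec_len'; nothing about the memcpy itself changes. Note also that the fixed handler drops the record silently rather than sending an alert, which is what RFC 6520 asks for and what the OpenSSL fix does.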


Bottom line: a minor coding mistake can sometimes be too costly to bear.
