I first heard about the “Heartbleed” bug from my IT group at work. As usual, the description you get from the media is so watered down as to be useless, but eventually I came across some reasonable explanations.
The simplest explanation is at xkcd.com/1354
My first thought on understanding the bug was “Really???” I’m kind of surprised that sort of mistake was created in the first place, and that it got through without anybody noticing it.
It is called “Heartbleed” because it is a bug in a feature called a “heartbeat” and the bug allows data to leak out of your system. A heartbeat is also called a “keepalive”. You send this message periodically to test that the machine at the other end is still there — if it stops answering, you know there is a problem. Using a keepalive/heartbeat is generally a good idea. It clears things up when a computer or network goes down, rather than having some program sit forever listening for an answer.
But this particular implementation is bad. It is
- a bug
- in security software
- that is used in a large portion of the web servers on the internet
- that leaks data from the server
- that is open source, so you can’t distribute a fix without simultaneously telling the bad guys what the problem is
There are a couple of interesting lessons here:
Open Source Software has security problems too
One of the benefits of open source software is alleged to be security. For example, http://opensourceforamerica.org/learn-more/benefits-of-open-source-software/ says
Open source enables anyone to examine software for security flaws. The continuous and broad peer-review enabled by publicly available source code improves security through the identification and elimination of defects that might otherwise be missed
Yes, one of the real benefits of open source software is that you can see how it works. But I wonder how effectively that is helping with security.
I looked at the history of openssl and found the Hearbleed bug there in Feb 2012. ( If you are a progammer, look here ; note in particular lines 1479, 1480, and 1485. The memcpy can copy more memory than was in the received message.)
It has been there for two years.
Part of the problem is that this code is so complex that only an expert can understand it. I could find this bug so quickly in Openssl because I found the CVE number ( 2014-0160) which told me exactly where to look.
If you gave me a description that contained all the publicly available information a few days after the vulnerability was announced (excluding the CVE number), I still could have found it. But it would have taken a lot of work. First I would have to understand the details of SSL, and then I would have to understand how OpenSSL works, and then I could start analyzing the program.
It’s a high bar, and it applies to all kinds of software. Thunderbird email client, Firefox web browser, Gnome desktop, Libre Office, GNU Image Manipulation Program, …etc… Each of these is so complex that only an expert on that particular program can effectively understand how they work. And of course, you can only become expert in how a program works by looking at it a lot.
We’re all happy to have this open source software, but in most cases we benefit more from “free as in beer” than from free as in speech.
C is a terrible language for application programming.
Yes, I know — heresy, right? It’s the coolest language ever invented, it’s fast, and it works on just about any machine you care to name.
I like C, but it is really half way between writing assembly language and a real application development language — sort of a structured machine code, that happens to be somewhat portable.
OpenSSL is written in C. The Heartbleed bug is one of a class of bugs known as a “buffer overflow”. Buffer overflow usually refers to writing more data than fits in the buffer (and so overflowing into some adjacent area of memory), but in this case, it is reading more memory than there is in the buffer, and picking up data from the adjacent area.
In C, it is extremely easy to accidentally write programs with buffer overflows because of the architecture of the language. You can literally address any memory in whatever way you like. This is the power of C, but in some ways it is like using a power saw with no blade shield: There are lots of dangerous sharp edges that you better watch out for.
A good application development language should protect the programmer from mistakes. There are some languages that have good features for application development, but that is a discussion for another day.
Yes, the SSL protocol deserves some of the blame
Heartbleed is a specific bug in a specific implementation of SSL. But there would be no opportunity for this mistake if this feature were not defined in this way in the SSL protocol. Every time you add another feature to a protocol, there is more chance for an error implementing it. Every time you make a feature more complicated than the bare minimum, there is more chance for an error implementing it.
Did SSL really need a special heartbeat message, and did it really need to contain an arbitrary amount of data to be echoed back to the other end?
I am reminded of RFC-1925 – The Twelve Networking Truths. Number 12 is:
In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away.
This is a wise observation.