SoylentNews is people
SoylentNews
What they've found is that there's a companion memory leak (CVE-2015-5333) and buffer overflow (CVE-2015-5334) in the SSL replacement candidate.
The researchers from Qualys (their notice published here) said they were trying to see if a remote code execution attack is feasible against vulnerabilities they've turned up in OpenSMTPD (which earlier this month hit version 5.7.3).
“Because we could not find one in OpenSMTPD itself, we started to review the malloc()s and free()s of its libraries, and eventually found a memory leak in LibreSSL's OBJ_obj2txt() function; we then realized that this function also contains a buffer overflow (an off-by-one, usually stack-based).”
The memory leak provides a path for an attacker to cause a denial-of-service attack, and also permits triggering of the buffer overflow.
The LibreSSL team has released fixes for OpenBSD.
(Score: 0) by Anonymous Coward on Tuesday October 20 2015, @10:58AM
>The mistake in the article was a off-by-one error. Most modern languages makes a program to crash if you are off-by-one. With C you are in a more dangerous situation.
Which is readily solved by a custom allocator. A multitude of projects go that route.
But in this specific case I agree with the sentiment. C is obviously too hard for humans such that do a "snprintf(buf, buf_len, ".%s", bndec)". :-)
(Score: 2) by LoRdTAW on Tuesday October 20 2015, @01:25PM
I think we can blame the C libraries for this.