-=[Advanced Information Security Corp]=- Author: Nicholas Lemonias Report Date: 2/4/2015 Email: lem.nikolas (at) gmail (dot) com [email concealed] Introduction ========== During a source-code audit of the OpenSSL v1.0.2a (Latest) implementation for linux; conducted internally by the Advanced Information Security Group, instances of insecure function use were observed, which could lead to a number of attacks. Software Overview =============== OpenSSL is an open-source implementation of the SSL and TLS protocol. The core library is written in the C Language, and implements basic cryptographic functions, and also provides various utility functions. Implementation versions are available for most UNIX-like operating systems (including Solaris,Linux, Mac OS X and the various open-source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric Andrew Young and Tim Hudson, development of which unofficially ended on December 17, 1998, when Young and Hudson both started to work for RSA Security. PoC 1 - Code Snippet [CWE 362] ======================== (.../openssl-1.0.2a/crypto/rand/randfile.c:264) out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS); if (out == NULL) out = vms_fopen(file, "wb", VMS_OPEN_ATTRS); #else if (out == NULL) out = fopen(file, "wb"); #endif if (out == NULL) goto err; #ifndef NO_CHMOD chmod(file, 0600); Description: The calling function does not provide any security validation controls, which would effectively prevent a race condition. The use of open() with the right attributes was agreed. PoC 2 - Code Snippet [CWE 690] /Issue #3786 ============================================= (.../openssl-1.0.2a/crypto/mem.c:386) char *CRYPTO_strdup(const char *str, const char *file, int line) { char *ret = CRYPTO_malloc(strlen(str) + 1, file, line); strcpy(ret, str); return ret; } Description: The function call does not make sure that ret is not NULL. [3] ------------------------------------------------ This is a follow up. A patch for the issue has been provided by the OpenSSL team: http://elandsys.com/~logan/mem.c.diff PoC 3 - Code Snippet [CWE 134] ======================== (.../openssl-1.0.2a/ssl/kssl.c:970) fprintf(stderr, (isprint(adata->contents[i])) ? "%c " : "%02x", adata->contents[i]); Description: The function call is prone to a format string attack. Appendices ========== Sincere Thanks to the OpenSSL team for their mutual efforts. References ========== [1] Oracle (2015). Basic Library Functions - Title: fopen() man pages section 3: Basic Library Functions [Online] Available at: http://docs.oracle.com/cd/E23824_01/html/821-1465/fopen-3c.html#scrollto c [Last Accessed 2 April, 2015] [2] M. Howard, D. LeBlanc Writing Secure Code, Second Edition Microsoft Press [3] http://openssl.6102.n7.nabble.com/openssl-dev-openssl-org-3786-PATCH-Check-return-value-of-CRYPTO-malloc-td57428.html