No. Accessing uninitialized data leads to undefined behaviour. It can be argued that this undefined behaviour should logically/morally/statistically be limited to filling that memory region with arbitrary data, while letting the system be otherwise unaffected, but that is not required by the standard. The question of what undefined means w.r.t. the C standard has come up many, many times in the past, where users have repeatedly expected that code triggering undefined behaviour should still result in what they feel is «reasonable behaviour», e.g. a limit to the definition of undefined. This point of view has never been accepted, as it has time and time again been found that doing so will decrease the performance or the reliability of software. It would be perfectly standards-compliant for the compiler to emit code causing the system to crash, or to eject a spear from the monitor into the user's head. The former behaviour would probably be ideal.

As has been said many, many times earlier in this debate, relying on 'clever tricks' that happen to work on most modern systems is a very bad idea. Causing programs like Valgrind to spew out errors, making debugging harder, is the least of the problems with this code; it will very likely cause programs to crash under some future environment, and it makes the code significantly harder to understand. Because uninitialized memory is also something that an attacker may be able to guess or even modify, this is also a rather significant information leak.

All said and done, this part of the OpenSSL code is a very large and scary bug. The fact that the OpenSSL developers seem to be unwilling to admit to just how bad the quality of this code was really scares me w.r.t. the overall quality of OpenSSL. If this type of gung-ho, «works for me» attitude is common in OpenSSL, there are likely many more of these issues lurking around in that code base.

Note 1: Obviously, the bug created by the DD while trying to fix the original bug was much bigger than the original bug.

Note 2: The existence of extremely shoddy code in OpenSSL is not what scares me; we are all fallible. What scares me is the response of the OpenSSL team.
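The comment above argues that mixing an uninitialized buffer into an entropy pool is undefined behaviour and an information leak, not a free source of randomness. The following is an added illustration, written for this page and not code from the commenter, from OpenSSL, or from the Debian patch under discussion. It places the pattern being criticised next to an explicit, checked read from the kernel CSPRNG, which is what a program should do instead. The function names, the 32-byte seed size and the use of /dev/urandom are assumptions made for the example.

```c
/* Added example (not from the LWN comment, OpenSSL or Debian).
 * Contrasts "uninitialized stack buffer as entropy" with an explicit,
 * error-checked read from the OS CSPRNG. Names and sizes are illustrative. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define SEED_LEN 32

/* The pattern under discussion: treat whatever happens to sit in an
 * uninitialized automatic array as "extra" randomness. Reading `junk`
 * is undefined behaviour: the compiler may assume the read never happens
 * and delete the loop, so this may contribute nothing, a constant, or
 * stale data left by an earlier caller (an information leak). Kept here
 * for contrast only; it is never executed. */
static void seed_from_uninitialized_stack(uint8_t *pool, size_t len)
{
    uint8_t junk[SEED_LEN];            /* deliberately not initialized */
    for (size_t i = 0; i < len; i++)
        pool[i] ^= junk[i % SEED_LEN]; /* UB: reads indeterminate bytes */
}

/* The defined alternative: fill `out` with `len` bytes from the kernel
 * CSPRNG, handling short reads and EINTR. Returns 0 on success and -1 on
 * failure; on failure the caller must refuse to generate key material
 * rather than fall back to a weaker source. */
static int seed_from_os(uint8_t *out, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, out + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;          /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (n == 0) {              /* EOF from urandom should never happen */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Cheap sanity check: reject an all-zero seed, which is exactly what a
 * source that silently contributed nothing looks like. Returns 1 if at
 * least one byte is non-zero, 0 otherwise. */
static int seed_looks_populated(const uint8_t *buf, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc != 0;
}

int main(void)
{
    uint8_t seed[SEED_LEN] = {0};

    (void)seed_from_uninitialized_stack; /* referenced so it compiles; never run */

    if (seed_from_os(seed, sizeof seed) != 0 ||
        !seed_looks_populated(seed, sizeof seed)) {
        fprintf(stderr, "no usable entropy; refusing to continue\n");
        return 1;
    }
    for (size_t i = 0; i < sizeof seed; i++)
        printf("%02x", seed[i]);
    putchar('\n');
    return 0;
}
```

The point of the contrast is that the second function has a defined result on every path: it either returns the requested bytes or reports failure, and a failure is something the caller can see and act on. The first function has no such contract, which is why Valgrind's complaints about it were a symptom rather than the bug.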
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds