Me: OpenSSH is one of the most secure apps ever written, even in C.
C Haters: no it’s not! Several RCE bugs!
Me: prove it. Show me a working exploit.
*crickets*
FUD and security pedantry are unbecoming of our industry, Pals.
-
-
That’s total nonsense. No one who does professional code auditing would miss that. It’s the most basic C issue. I feel like you’re just trying hard to make your point. There are far more serious undefined issues. Evading this is cake.
-
A majority of my public exploits since ~2005 have come from this class. See the LZ4/LZO bug from 2014 as an example.
-
*COUGH*INDUSTRYFULLOFCHARLATANS*COUGH* Computers are magic rocks that we tricked into counting time and doing math really fast with lightning.

-
Worse issue: evaluate pointer arithmetic in kernel land and tell me if the kernel can correctly verify whether a pointer will be dereferenced in userland or kernel land ;)
-
“Professional code auditors” not grokking this stuff is because infosec “professionals” are not engineers. So maybe engineers who write C for a living should be respected a bit more.
-
Just because a bunch of infosec pros don’t get this means nothing to me when infosec pros can’t code for crap.
End of conversation
New conversation -
-
-
THIS is a constructive discussion where intellectual disagreement didn’t prevent technical discourse. May I add: 1) Language choice is indeed an architecture design issue; I’d say that security is a systems problem! 2) Not b/c I wrote it but b/c it is the exact context: http://blog.securitymouse.com/2016/07/this-old-vulnerability-guest-post.html?m=1
-
Andreas brought up entire classes of vulnerabilities and Don brought up writing C becoming comparatively easier lately... in the linked post, I discussed BOTH these issues from the context of mitigating a certain class of C vulnerabilities. We see that both arguments have merit!
End of conversation
New conversation -
-
-
So none of the "code auditors" you showed this to are competent. Integer overflows have just been around for 20 years, and the signed arithmetic "optimisations" of the compiler for slightly less long.
-
-
-
Use of int for a size, multiplication to compute a size with no prior overflow check.
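The two tweets above describe the bug class concretely: a size held in an int, computed by multiplication, with no overflow check before the multiply, and a compiler that may delete a check written afterwards because signed overflow is undefined. The C below is an added worked example written for this page; it is not code from the thread, from OpenSSH, or from the LZ4/LZO bug mentioned earlier. The record count, RECORD_SIZE and all function names are constructed for illustration. The unchecked version uses uint32_t rather than int so that the wrap is defined behaviour and can be tested; the same bits wrap for a 32-bit int on common ABIs, but there the compiler is also free to drop any post-multiplication check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record layout: 4 bytes per record (hypothetical). */
#define RECORD_SIZE 4u

/* The pattern the thread criticises: a 32-bit size computed by multiplying
 * an attacker-controlled count, with no check that the product fits.
 * 0x40000001 * 4 == 0x100000004, which truncates to 4, so a 4-byte buffer
 * is returned for what the caller believes is 0x40000001 records.
 * (With a signed int the multiply is undefined behaviour, so a check such
 * as `if (size < 0)` written after it may be optimised away entirely.) */
static uint32_t unchecked_size(uint32_t count, uint32_t elem)
{
    return count * elem;
}

/* Hardened form: size_t for sizes, and the overflow test is done by
 * division before the multiplication, so no overflow ever happens and the
 * compiler has nothing to "optimise". Returns false and leaves *out
 * untouched when count * elem would not fit in a size_t. */
static bool checked_size(size_t count, size_t elem, size_t *out)
{
    if (elem == 0) {
        *out = 0;
        return true;
    }
    if (count > SIZE_MAX / elem)
        return false;
    *out = count * elem;
    return true;
}

/* Allocate room for `count` records, or return NULL when the byte count
 * would overflow. The caller frees the result. */
static void *alloc_records(size_t count)
{
    size_t bytes;
    if (!checked_size(count, RECORD_SIZE, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t hostile = 0x40000001u;   /* constructed attacker-supplied count */
    printf("unchecked: %u bytes allocated for %u records\n",
           unchecked_size(hostile, RECORD_SIZE), hostile);

    void *ok = alloc_records(16);
    printf("checked alloc of 16 records: %s\n", ok ? "succeeded" : "refused");
    free(ok);

    void *bad = alloc_records(SIZE_MAX / 2);
    printf("checked alloc of SIZE_MAX/2 records: %s\n", bad ? "succeeded" : "refused");
    free(bad);
    return 0;
}
```

The division check `count > SIZE_MAX / elem` is portable C with no reliance on compiler builtins; where GCC or Clang is guaranteed, `__builtin_mul_overflow` expresses the same intent in one call.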
-