Slashdot Mirror


User: massivedata

massivedata's activity in the archive.

Stories: 0
Comments: 1

Comments · 1

  1. Formal Language Theory on How To Prevent the Next Heartbleed · Score: 1

    I agree with ThosLives, it was a design issue. Heartbleed could have been avoided if the input language was designed to be context-free. The error was caused by the use of a length field, which makes the input to the system context-sensitive. This was not necessary. Start and end delimiters could have been used instead, which would have made the vulnerability impossible. The input language to a software component should be recognised by a machine with the lowest computational power possible. In the case of a TLS heartbeat message, a regular language would do the job. Comments which mentioned that it should not have been implemented in C were close to the mark; the input parser should have used only regular expressions. I have written a review of a paper on this topic which has changed the way I think about designing software inputs: http://edenduthie.com/2014/05/...
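
Added example, not part of massivedata's comment and not OpenSSL code: a C sketch of the two framings the comment contrasts, a length field that must be cross-checked against the bytes received and a delimiter-framed message recognized by a bounded scan. The record layouts are simplified assumptions (RFC 6520 padding is omitted), and the STX/ETX delimiters and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { STX = 0x02, ETX = 0x03 };   /* hypothetical start/end delimiters */

/* Length-field framing: [type][len_hi][len_lo][payload...] (simplified).
 * Returns the payload length copied into out, or -1 if the record is rejected. */
int parse_length_prefixed(const unsigned char *rec, size_t rec_len,
                          unsigned char *out, size_t out_cap)
{
    if (rec_len < 3) return -1;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* The declared length is sender-controlled; it must be checked against
     * the bytes actually received before anything is copied. */
    if (declared > rec_len - 3 || declared > out_cap) return -1;
    memcpy(out, rec + 3, declared);
    return (int)declared;
}

/* Delimiter framing: STX payload ETX, payload bytes may not be STX or ETX
 * (binary payloads would need an escaping rule, not shown). The scan is a
 * finite-state recognizer; it never trusts a sender-supplied count. */
int parse_delimited(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap)
{
    size_t n = 0;
    if (rec_len < 2 || rec[0] != STX) return -1;
    for (size_t i = 1; i < rec_len; i++) {
        if (rec[i] == ETX) return (i == rec_len - 1) ? (int)n : -1;
        if (rec[i] == STX || n == out_cap) return -1;
        out[n++] = rec[i];
    }
    return -1;                      /* end delimiter never arrived */
}

int main(void)
{
    unsigned char out[64];
    /* Constructed samples: the first declares 0x4000 bytes but carries one. */
    const unsigned char lying[] = { 0x01, 0x40, 0x00, 'a' };
    const unsigned char framed[] = { STX, 'p', 'i', 'n', 'g', ETX };
    printf("length-prefixed: %d\n", parse_length_prefixed(lying, sizeof lying, out, sizeof out));
    printf("delimited:       %d\n", parse_delimited(framed, sizeof framed, out, sizeof out));
    return 0;
}
```

Both parsers still bound every read by the received record length and every write by the output capacity; the delimiter version simply has no declared count that can disagree with the data.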