
C-loudbleed, a C pointer arithmetic bug in Cloudflare

Name: Anonymous 2017-02-24 17:52

Name: Anonymous 2017-02-24 18:03

retards

Name: Anonymous 2017-02-24 18:04

how does taviso always find the bugs?

Name: Anonymous 2017-02-24 18:14

I am glad there are people like Cudder who can write safe, robust, optimized C code so my internet is 5% faster year on year.

Name: Steve 2017-02-24 18:51

C is a bad language

NOT AS BAD AS PYTHON THOUGH LMAO !

Name: Anonymous 2017-02-24 18:51

This isn't caused by C though, it's due to an error in Ragel source code that is then compiled to C. It would be like saying x86 is a flawed design because someone can write strlen((char*)main) and compile it.

It's also not a flaw in the Ragel state machine compiler, and even if it was, the Ragel compiler is written in sepples, not C. C code only became involved at the very last stage, when the Ragel compiler is actually generating output.

The error existed in the Ragel source file, and was propagated into whatever internal representation the Ragel compiler uses, before any C was even involved. This really isn't the sort of thing you can reasonably blame on C, the C compiler only did exactly what it was told to do. That a compiler gives invalid output when given invalid input is not a meaningful criticism of the language.

Name: Steve 2017-02-24 18:56

>>6
It's a flaw because why the fuck would anyone want to leak over outside of the array

Name: Anonymous 2017-02-24 19:42

>>7
Flaw exists in code given to Ragel compiler. Fault lies with human programmer, or maybe with lack of compile-time safety in Ragel compiler, if intended for use by programmers with tendency to write incorrect code. Ragel and C compilers not to blame, both do exactly as told.

Name: Anonymous 2017-02-24 20:38

>>6
It would be like saying x86 is a flawed design because someone can write strlen((char*)main) and compile it.
C is such a flawed design that x86 has to bend over backwards to accommodate its flaws. Proper use of x86 would put functions in the code segment, which can be made execute-only.

This really isn't the sort of thing you can reasonably blame on C, the C compiler only did exactly what it was told to do.
That makes it a "bug" in the C standard, the C compiler, or both. A proper compiler would not generate code or it would generate run-time checks to prevent the illegal access from happening. Proper use of x86 (segments) would have kept this from happening at all. AMD extended x86 assuming it was a C machine and crippled all of the security mechanisms in 64-bit mode.

Name: Anonymous 2017-02-24 21:36

>>6
Why does strlen((char*)main) return 11?

Name: Anonymous 2017-02-24 21:36

>>10
Because check these awesome dubs, obviously.

Name: Steve 2017-02-24 23:57

>>11
xD

Name: Anonymous 2017-02-25 0:58

>>9
C is such a flawed design that x86 has to bend over backwards to accommodate its flaws. Proper use of x86 would put functions in the code segment, which can be made execute-only.
C compilers don't do that? I see no reason why the C semantics would prevent that, since function pointers aren't even required to be the same size as data pointers.

That makes it a "bug" in the C standard, the C compiler, or both. A proper compiler would not generate code or it would generate run-time checks to prevent the illegal access from happening.
The bug lies in your expectations. C compilers are supposed to do exactly what they say, they're designed with the assumption that the programmer knows what they're doing. Either:
A) stop expecting safety checks to be put in for you
B) use a high-level language that markets itself as having those checks built-in
or
C) run static analysis tools on your code before compiling it

>>10
Strlen is a pretty simple function, a possible implementation could be

    #include <stddef.h>   /* size_t */

    /* Walks the bytes starting at s and counts until the first NUL. */
    size_t strlen(char *s) {
        size_t i = 0;
        while (s[i]) ++i;
        return i;
    }

Basically it just keeps incrementing until it finds a byte with all bits set to zero. So apparently the code generated by your compiler placed the first 0 byte of main at main+12.

Name: Anonymous 2017-02-25 11:11

This is why I stopped programming in Cloudflare.

Name: Anonymous 2017-02-25 13:26

This is why I never started programming in Cloudflare.

Name: Steve 2017-02-25 15:19

This is why Cloudflare should be banned.

Name: Anonymous 2017-02-25 15:21

Free Cloudflare is guaranteed by the Constitution, it cannot be banned.

Name: Anonymous 2017-02-26 1:04

THIS HAPPENS BECAUSE C IS A HARMFUL LANGUAGE TERRORIST ALL COMPUTER VIRUSES ARE CREATED WITH C LANGUAGE I AM THE MOST HASKELL COMPUTER SCIENCE EVERYONE SHOULD USE HASKELL FOR SECURITY

Name: Anonymous 2017-02-26 4:27

they should a read da standad

Name: Anonymous 2017-02-26 17:40

C a good boy he dindu nuffin, it all rayciss-ass programmers keepin' da compiler down.

Name: Anonymous 2017-02-26 20:19

C is to blame. Hang him high!

Name: Anonymous 2017-02-26 20:35

do you know whom wrote the C code in question?

the answer will shock you

it was produced by a parser generator

Name: Anonymous 2017-02-26 21:05

>>22
Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?

Name: Anonymous 2017-02-27 8:27

>>9
but the bug has nothing to do with functions not being execute only. this is something C compilers already do, although it's not bulletproof (see: ROP). the bug here is an out-of-bounds read of data, not code.

Name: Anonymous 2017-02-27 18:48

>>22
Actually, ragel is a state machine compiler, and this brings me to, I think, an interesting point.

According to the ragel homepage,
Ragel compiles executable finite state machines from regular languages
HTML is not a regular language, so how could they have written a non-buggy parser in the first place?

Name: Anonymous 2017-02-27 19:21

>>25
It's a parser in the sense that it 'parses' (regex-search-and-replace) by finding relevant elements, not in the sense that it builds DOM trees, walking and constructing list nodes:
From the article:
Many of Cloudflare's services rely on parsing and modifying HTML pages as they pass through our edge servers. For example, we can insert the Google Analytics tag, safely rewrite http:// links to https://, exclude parts of a page from bad bots, obfuscate email addresses, enable AMP, and more by modifying the HTML of a page.

And it worked until several conditions of 'normal HTML' were violated:
In order for the memory to leak the following had to be true:
The final buffer containing data had to finish with a malformed script or img tag
The buffer had to be less than 4k in length (otherwise NGINX would crash)
The customer had to either have Email Obfuscation enabled (because it uses both the old and new parsers as we transition),
… or Automatic HTTPS Rewrites/Server Side Excludes (which use the new parser) in combination with another Cloudflare feature that uses the old parser. … and Server-Side Excludes only execute if the client IP has a poor reputation (i.e. it does not work for most visitors).

That explains why the buffer overrun resulting in a leak of memory occurred so infrequently.
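The failure mode this post and >>24 describe (a buffer that ends in a truncated script tag, and an out-of-bounds read of data rather than code) as a constructed C illustration added here; it is not Cloudflare's or Ragel's code. The scanner, the tag, the request bytes and the "adjacent" bytes are all made up. The unsafe variant treats a tag prefix cut off by the buffer boundary as a complete match, jumps the pointer past `pe`, and then can no longer notice the end of the buffer because its end test is an equality test; the hardened variant beside it uses range tests, only accepts a tag once all of its bytes are present, and reports the truncation to the caller instead of guessing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Cloudflare's or Ragel's code. A tiny hand-written
   tag scanner copies the body of every "<script ...>" tag found in the
   half-open range [p, pe) into 'out'; pe points one past the last byte,
   the same convention Ragel-generated C uses. Bodies are separated by '\n'. */

#define TAG     "<script"
#define TAG_LEN (sizeof(TAG) - 1)

/* Unsafe scanner. Two defects combine into the failure mode the thread
   describes: (1) a prefix such as "<scri" cut off by the end of the buffer is
   accepted as a complete tag and p is advanced by the full tag length, which
   puts it beyond pe; (2) every end-of-buffer test is an equality test, so
   once p has jumped past pe the test can never fire again and the copy loop
   keeps reading (and emitting) whatever memory follows the buffer. */
static size_t extract_unsafe(const char *p, const char *pe, char *out, size_t cap)
{
    size_t n = 0;
    while (p != pe && n + 1 < cap) {                     /* BUG: equality test */
        if (*p != '<') { ++p; continue; }
        size_t have = (size_t)(pe - p);
        size_t cmp = have < TAG_LEN ? have : TAG_LEN;
        if (memcmp(p, TAG, cmp) != 0) { ++p; continue; }  /* BUG: partial match passes */
        p += TAG_LEN;                                    /* BUG: may land past pe */
        while (p != pe && *p != '>' && n + 1 < cap)
            out[n++] = *p++;                             /* reads past the buffer once p > pe */
        if (n + 1 < cap) out[n++] = '\n';
    }
    out[n] = '\0';
    return n;
}

/* Hardened scanner: range tests instead of equality tests, the tag is only
   accepted once all TAG_LEN bytes are known to be present, and a truncated
   tag at the end of the buffer is reported through *truncated so the caller
   can hold those bytes back until the next buffer arrives. */
static size_t extract_safe(const char *p, const char *pe, char *out, size_t cap,
                           int *truncated)
{
    size_t n = 0;
    *truncated = 0;
    while (p < pe && n + 1 < cap) {
        if (*p != '<') { ++p; continue; }
        size_t have = (size_t)(pe - p);
        if (have < TAG_LEN) {
            /* Too few bytes left to decide; a prefix of the tag here means the
               tag is cut off by the buffer boundary: report it, don't guess. */
            if (memcmp(p, TAG, have) == 0) { *truncated = 1; break; }
            ++p;
            continue;
        }
        if (memcmp(p, TAG, TAG_LEN) != 0) { ++p; continue; }
        p += TAG_LEN;                                    /* verified: p <= pe afterwards */
        while (p < pe && *p != '>' && n + 1 < cap)
            out[n++] = *p++;
        if (n + 1 < cap) out[n++] = '\n';
    }
    out[n] = '\0';
    return n;
}

/* Constructed memory layout: the request buffer is the first part of one
   larger array, and the bytes after it stand in for an unrelated request that
   happens to sit next to it in memory. Keeping both in one array makes the
   demonstration deterministic; in a real process the overrun reads whatever
   the allocator placed there. The request ends in a truncated "<scri". */
#define REQUEST  "<p>hello</p><script src=a.js>ok</script><scri"
#define ADJACENT "  GET /account HTTP/1.1 Cookie: session=abc123; Accept: text/html, application/json, image/webp"
#define REQUEST_LEN (sizeof(REQUEST) - 1)
static const char arena[] = REQUEST ADJACENT;

/* 1 if the chosen scanner emitted bytes that were never part of the request. */
int scanner_leaks(int use_safe)
{
    char out[64];
    int truncated;
    if (use_safe) extract_safe(arena, arena + REQUEST_LEN, out, sizeof out, &truncated);
    else          extract_unsafe(arena, arena + REQUEST_LEN, out, sizeof out);
    return strstr(out, "session=abc123") != NULL;
}

/* The safe scanner's truncation flag for the same buffer. */
int safe_scanner_reports_truncation(void)
{
    char out[64];
    int truncated;
    extract_safe(arena, arena + REQUEST_LEN, out, sizeof out, &truncated);
    return truncated;
}

int main(void)
{
    char out[64];
    int truncated;
    size_t n = extract_unsafe(arena, arena + REQUEST_LEN, out, sizeof out);
    printf("unsafe: %zu bytes emitted:\n%s\n", n, out);   /* includes adjacent data */
    n = extract_safe(arena, arena + REQUEST_LEN, out, sizeof out, &truncated);
    printf("safe:   %zu bytes emitted, truncated tag at end: %d\n%s\n", n, truncated, out);
    return 0;
}
```

Run stand-alone, the unsafe scanner's output contains the constructed "Cookie: session=abc123" bytes that were never part of the request, which is the shape of the leak the thread is discussing; the hardened scanner emits only the complete tag and sets the truncation flag. The same truncated-tag input is the case a fuzzer or a unit test should feed any hand-rolled or generated scanner, with the buffer placed so that a read past `pe` lands in memory a sanitizer can flag.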

Name: Anonymous 2017-02-27 19:35

JUST BAN C ON IMPORTANT SYSTEMS!!! REPLACE CRITICAL SYSTEMS USING C WITH HASKELL AND THERE WOULD BE NO SOFTWARE SCIENCE ERRORS!!!!!!

Name: unsafeAnonymous 2017-02-27 19:46

>>27
lol

Name: Anonymous 2017-02-28 0:47

>>28
Excuse me.

Name: Anonymous 2017-02-28 1:10

it's funny how rust gets touted as safe

there's no math model of the type system, no proof at all that this borrow checker shit actually helps safety. it's just a guess.

and it's implemented in terms of LLVM, which is of course perfect so assuming the model is valid surely the LLVM output will be too

..and the fact that it's brand new doesn't mean anything. you know it's safe because <https://twitter.com/steveklabnik> says so. zero cost abstraction.

Name: Anonymous 2017-02-28 2:05

>>30
LLVM will be safe once it's written in Rust.

Name: Anonymous 2017-02-28 2:13

>>31
jesus christ I'm so sick of you. how did you find this site? Your posts are so fucking dumb. You don't know anything. just leave.

Name: Anonymous 2017-02-28 2:18

>>32
progrider will be safe once it's written in Rust

Name: Anonymous 2017-02-28 3:33

>>33
🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸
I claim these dubz in the name of the United States of America
🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸🇺🇸

Name: Anonymous 2017-02-28 4:44

>>31,33
RUST IS THE SAME TERROR AS C FOR EXPERIENCED PEOPLE. THERE ARE NO EXPERT COMPUTER DOCTORS WORKIN ON RUST BECAUSE THEY KNOW IT IS UNSAFE TERROR FOR COMPUTER SCIENCE!!!! INSTEAD THEY GET THIS PPL:

https://github.com/rust-lang/rust/commit/b748c2e90d87985fbff1d99e17d94a10cf2b3f21

THEY DONT CARE ABOUT COMPUTER SCIENCE AND SAFE PROGRAMMING THEY CARE ABOUT PRONOUNS!!! SWITCH TO HASKELL

Name: Anonymous 2017-02-28 13:24

>>22
incorrect use of 'whom'

Post discarded!

Name: Anonymous 2017-02-28 16:59

>>35
Do you have non anecdotal evidence?

Name: Anonymous 2017-03-01 8:29

>>37
let's see these guys implement diff
