Daniel Barnes

a blog

Heartbleed, and What's Stored in RAM?

I'm in a class which discusses computer architecture. Here's a post that I posted to the forum which talks about the importance of preventing your computer from "catching on fire", reading information from RAM that it should not be reading.

A cool/scary real-world example of a memory misuse error that I wanted to share is “Heartbleed”, a vulnerability in the popular encryption library OpenSSL.

Heartbleed is a case where C code is tricked into reading data from memory beyond the allocated memory block (“undefined behavior” in C), and so begins to spit out data from memory. Basically, the program allocated some space in memory for some data, and when a user asks for that data in a specific way, there’s a case where the software will spit out the data that was asked for, plus some excess data read from slots in memory beyond what was allocated. The result is that the software spits out "raw" data from RAM that it was never meant to expose. (This issue has since been patched, as seen in the link.)

This data in memory can be anything from leftover garbage in freed memory (since free() does not “scrub” or delete the contents of the block it releases) to data that might still be important and in use, such as passwords, private keys, or otherwise vital data which should not be retrieved by unauthorized users.
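A minimal C model of the over-read described above, added here as an illustration; it is not OpenSSL's code. The function names, buffer contents and the "session_key" value are constructed for the example, and the "secret" is placed in the same array as the payload so the demo itself stays within defined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for process memory: a 4-byte request payload followed
 * by unrelated secret data. Keeping both in one array lets the demo over-read
 * past the payload without itself invoking undefined behaviour. */
static const unsigned char MEMORY[] = "bird" "|session_key=hunter2|";
#define RECEIVED_LEN 4            /* bytes the peer actually sent ("bird") */
#define MEMORY_LEN (sizeof MEMORY - 1)

/* Vulnerable pattern: the reply length comes from the request's own length
 * field and is never compared with the number of bytes received. */
size_t echo_vulnerable(size_t claimed_len, unsigned char *out, size_t out_cap)
{
    if (claimed_len > out_cap) claimed_len = out_cap;
    if (claimed_len > MEMORY_LEN) claimed_len = MEMORY_LEN; /* demo guard only */
    memcpy(out, MEMORY, claimed_len);   /* copies payload plus its neighbours */
    return claimed_len;
}

/* Hardened pattern: a request claiming more bytes than were received is
 * dropped (returns 0) before any copy happens. */
size_t echo_checked(size_t claimed_len, size_t received_len,
                    unsigned char *out, size_t out_cap)
{
    if (claimed_len > received_len || claimed_len > out_cap)
        return 0;
    memcpy(out, MEMORY, claimed_len);
    return claimed_len;
}

int main(void)
{
    unsigned char out[64];
    size_t n;

    n = echo_vulnerable(25, out, sizeof out);   /* peer sent 4, claims 25 */
    printf("vulnerable: %zu bytes: %.*s\n", n, (int)n, (const char *)out);

    n = echo_checked(25, RECEIVED_LEN, out, sizeof out);
    printf("checked, claims 25: %zu bytes\n", n);

    n = echo_checked(4, RECEIVED_LEN, out, sizeof out);
    printf("checked, claims 4: %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```

The only difference between the two functions is the comparison of the claimed length against the received length, which is the kind of bounds check whose absence lets adjacent memory end up in the reply.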

This can also be seen as a cool illustration of how data is only data in the context of how it is interpreted. Much of the data stored in RAM can be interpreted as total garbage in some contexts, and information in other contexts. If the block of data you retrieved was in the middle of an image, which you tried to read as UTF-8 encoded text, it might look like:


ix'L??B??˞?t??  ???ocxբl???/52?Ï?IJ?'?_t???_???Wdό?<DZ,:??sX??Ws?/%??~???~Ts?\??5???e?|m4?mռ?vc?C??F?Ƽ?U??E??`??"w?m?d?(??Q޺??v??ũ]nj?1??l?l??1#?;?&W???????+??SBnK?????-?͖VFnZ6lc?t?^k?Dmk????$W?oe2?(??\ܒpB???????7??N???i%?????)om,d?9

Or, if part of the data was a string stored in RAM, you might find something more meaningful to the human eye when decoding it as UTF-8:

?d5#KY???????P??XPg? ?ˬ, op??0??C??=?+I(??ε??^??=?:????[?73??M?i??r?]?_??%?U?M]

?b??q?GSU??/A????p??LE~LkP?A??tb                      ?!.t?<

                               ?A?3???0X?Z2?h???es?g^e?I?v?3e?w??-??z0?v0U?0U?0?0U+?iG?v ??k?.@??G^0U#0?+?iG?v ??k?.@??G^0?U 0?0? *?H??cd0??0+https://www.apple.com/appleca/0?+0????Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate pol?\6?L-x?팛??w??v?w0O????=G7?@?,Ա?ؾ?s???d?yO4آ>?

Given the multitude of ways data is stored on a computer, most information read directly from memory will look like random gibberish if you try to read it as text (because chances are it's not text; it could be code instructions or images or objects or numbers or structures...).

I thought this was just a fun example of why memory misuse errors can be particularly bad (revealing passwords or other private data) and what it means when memory only means something in a specific context (since the ones and zeros in memory can be interpreted in a multitude of ways, and should only really be interpreted in the context they were created in/should be used in).

By Daniel, on November 4, 2018, 4:27 pm