watts

Reputation: 127

How to ensure or check if the uninitialised memory contains 0s?

I'm trying to reproduce the skipTLS attack against cyassl < 3.3.0 (wolfSSL) that allows skipping steps in the handshake and thus impersonating a server and forcing the client to communicate in the clear. The specific attack is described here: http://www.ieee-security.org/TC/SP2015/papers-archived/6949a535.pdf (p. 9-10).

This exploit relies on the fact that uninitialised memory in the cyassl client (coded in C) is set to 0 (a 12-byte-long array).

The attack inexplicably fails, and I wanted to check if it was because the uninitialised memory wasn't set to 0.

Now, the paper claims:

Consequently, the byte array that stores the transcript MAC remains uninitialized, and in most runtime environments this array contains zeroes.

I'm running the client on Ubuntu 16.04.

Would you know of a way to check if the memory contains 0s (debugging would be quite painful as I'm working black-box)?

Or, alternatively, would there be an environment in which the probability that this area of uninitialised memory contains 0s would be higher ?

I know that I can't ever be sure that it always contains 0, but if it works from time to time, it's fine by me.

Upvotes: 0

Views: 60
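To make the mechanism the question relies on concrete from the defender's side, here is an added example (not cyassl/wolfSSL code and not from the paper): a model of a Finished check that compares the peer's verify_data against a transcript-MAC buffer that was never filled, beside the fix of tracking whether the MAC was actually derived. The struct, function names and the sample MAC bytes are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define VERIFY_DATA_LEN 12  /* length of TLS verify_data in Finished */

/* Constructed model of a client's handshake state (not cyassl's struct). */
typedef struct {
    uint8_t expected_mac[VERIFY_DATA_LEN]; /* transcript MAC the client derives */
    bool    mac_computed;                  /* set only when derivation actually ran */
} handshake_t;

/* Model the "buffer happens to contain zeroes" case: the state is zeroed at
 * allocation, but the key exchange (and hence MAC derivation) is never reached. */
static void init_skipping_key_exchange(handshake_t *hs) {
    memset(hs, 0, sizeof *hs);
}

/* A complete run: the key exchange finished and a MAC was derived (sample value). */
static void init_with_derived_mac(handshake_t *hs) {
    static const uint8_t sample_mac[VERIFY_DATA_LEN] = {
        0x5a, 0x17, 0xc3, 0x8e, 0x21, 0x7d, 0x09, 0xf4, 0x66, 0xb2, 0x3d, 0xa8 };
    memset(hs, 0, sizeof *hs);
    memcpy(hs->expected_mac, sample_mac, VERIFY_DATA_LEN);
    hs->mac_computed = true;
}

/* Vulnerable pattern: compare whatever the buffer holds with the peer's value. */
bool verify_finished_unsafe(const handshake_t *hs, const uint8_t *peer_mac) {
    return memcmp(hs->expected_mac, peer_mac, VERIFY_DATA_LEN) == 0;
}

/* Hardened pattern: refuse unless the MAC was really derived, then compare in
 * constant time so the buffer's contents can never stand in for a real check. */
bool verify_finished_safe(const handshake_t *hs, const uint8_t *peer_mac) {
    if (!hs->mac_computed) return false;
    uint8_t diff = 0;
    for (size_t i = 0; i < VERIFY_DATA_LEN; i++) diff |= hs->expected_mac[i] ^ peer_mac[i];
    return diff == 0;
}

/* Drivers: an all-zero Finished against a skipped handshake, and a genuine one. */
bool unsafe_accepts_zero_finished(void) {
    handshake_t hs; uint8_t zeros[VERIFY_DATA_LEN] = {0};
    init_skipping_key_exchange(&hs);
    return verify_finished_unsafe(&hs, zeros);   /* true: the bug */
}
bool safe_rejects_zero_finished(void) {
    handshake_t hs; uint8_t zeros[VERIFY_DATA_LEN] = {0};
    init_skipping_key_exchange(&hs);
    return !verify_finished_safe(&hs, zeros);    /* true: rejected */
}
bool safe_accepts_real_finished(void) {
    handshake_t hs;
    init_with_derived_mac(&hs);
    return verify_finished_safe(&hs, hs.expected_mac); /* true: matching MAC */
}
```

The point for a verifier is that the state flag, not the buffer's contents, decides whether a comparison is meaningful; a real implementation should additionally zero the buffer at allocation so behaviour does not depend on what the runtime left there.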

Answers (0)
