  • DocumentCode
    2493535
  • Title
    Finding Error Handling Bugs in OpenSSL Using Coccinelle
  • Author
    Lawall, Julia ; Laurie, Ben ; Hansen, René Rydhof ; Palix, Nicolas ; Muller, Gilles
  • Author_Institution
    Univ. of Copenhagen, Copenhagen, Denmark
  • fYear
    2010
  • fDate
    28-30 April 2010
  • Firstpage
    191
  • Lastpage
    196
  • Abstract
    OpenSSL is a library providing various functionalities relating to secure network communication. Detecting and fixing bugs in OpenSSL code is thus essential, particularly when such bugs can lead to malicious attacks. In previous work, we have proposed a methodology for finding API usage protocols in Linux kernel code using the program matching and transformation engine Coccinelle. In this work, we report on our experience in applying this methodology to OpenSSL, focusing on API usage protocols related to error handling. We have detected over 30 bugs in a recent OpenSSL snapshot, and in many cases it was possible to correct the bugs automatically. Our patches correcting these bugs have been accepted by the OpenSSL developers. This work furthermore confirms the applicability of our methodology to user-level code.
  • Keywords
    application program interfaces; security of data; API usage protocols; Coccinelle transformation engine; OpenSSL; application program interfaces; error handling bugs; program matching; secure sockets layer; Communication system security; Computer bugs; Computer networks; Kernel; Libraries; Linux; Pattern matching; Protocols; Search engines; Sockets;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Dependable Computing Conference (EDCC), 2010 European
  • Conference_Location
    Valencia
  • Print_ISBN
    978-0-7695-4007-8
  • Electronic_ISBN
    978-1-4244-6594-1
  • Type
    conf
  • DOI
    10.1109/EDCC.2010.31
  • Filename
    5474182