Comment by philip1209
8 years ago
Interesting. Cloudflare uses a lot of Go, which should hypothetically be memory safe. Was this system in Go? If so, I would be interested in seeing proof of concept code for a vulnerability like this.
Their old Ragel-based parser was affected. According to their post mortem, both the old parser and the new cf-html one are compiled as nginx modules, so I'd venture a guess that this is probably C/C++ code since afaik you can't extend nginx through modules written in Go.
> It turned out that the underlying bug that caused the memory leak had been present in our Ragel-based parser for many years but no memory was leaked because of the way the internal NGINX buffers were used. Introducing cf-html subtly changed the buffering which enabled the leakage even though there were no problems in cf-html itself.
https://blog.cloudflare.com/incident-report-on-memory-leak-c...
There's a section in that blog post titled "Root cause of the bug" that goes into further detail.
It was a bug in C code (automatically generated by the Ragel state-machine compiler); some details are in CF's blog post: https://blog.cloudflare.com/incident-report-on-memory-leak-c...