The Cloudbleed Story: Article by Thomas Fox-Brewster of Forbes:
...which refers to the finder of the bug, Tavis Ormandy, and this blog post:
And Cloudflare's announcement, which includes many technical details worth reading:
... which lays out the root cause (sigh)
/* generated code */
if ( ++p == pe )
The root cause of the bug was that reaching the end of a buffer was checked using the equality operator (==), and a pointer that advanced past the end position in a single step was never caught by that check, so it could keep running beyond the buffer. This is known as a buffer overrun. Had the check been done using >= instead of ==, jumping over the buffer end would have been caught.
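To make the == versus >= point concrete, here is an added example (not Cloudflare's code or the generated parser it quotes). It models a scanner whose cursor can advance by two bytes at once, which is an assumption introduced for the demonstration; the page only states that the pointer could step past the end. The cursor is an index rather than a raw pointer so that the demo itself never reads outside the buffer: when the == check fails to fire and the cursor lands past the end, a guard records the overrun instead of dereferencing memory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of one scan. overrun == 0 means the end-of-buffer check stopped the
   cursor; anything else is how far past the end the scanner tried to read. */
typedef struct {
    size_t consumed;  /* bytes actually inspected inside the buffer */
    size_t overrun;   /* positions past the end reached without the check firing */
} scan_result;

/* Scan for a closing double quote. A backslash escapes the next byte, so the
   cursor skips both at once (constructed behaviour for this demo). p is the
   cursor index and pe == len is one-past-the-end, mirroring the p/pe pair in
   the generated code. eq_check selects the original "p == pe" test (1) or the
   corrected "p >= pe" test (0). */
static scan_result scan_quoted(const char *buf, size_t len, int eq_check)
{
    scan_result r = {0, 0};
    size_t p = 0, pe = len;

    for (;;) {
        /* Demo guard: never touch memory outside buf. Reaching this branch
           with p > pe means the end check below let the cursor through. */
        if (p > pe) { r.overrun = p - pe; return r; }
        if (p == pe) return r;          /* exactly at the end: nothing to read */

        r.consumed++;
        if (buf[p] == '"') return r;    /* found the terminator */

        /* Two-byte step on an escape, one byte otherwise. */
        p += (buf[p] == '\\') ? 2 : 1;

        /* The end-of-buffer test, in the buggy and the fixed form. */
        if (eq_check ? (p == pe) : (p >= pe)) return r;
    }
}

/* Run both variants over one constructed input and report what happened. */
static void demo(const char *label, const char *buf, size_t len)
{
    scan_result buggy = scan_quoted(buf, len, 1);
    scan_result fixed = scan_quoted(buf, len, 0);
    printf("%-28s  == check: overrun %zu   >= check: overrun %zu\n",
           label, buggy.overrun, fixed.overrun);
}

int main(void)
{
    /* Constructed sample inputs. The last one ends in a backslash, so the
       two-byte step jumps from len-1 to len+1 and skips over pe entirely. */
    demo("terminated: abc\"", "abc\"", 4);
    demo("escape lands on end: ab\\c", "ab\\c", 4);
    demo("trailing escape: ab\\", "ab\\", 3);
    return 0;
}
```

The middle case is the one that makes == look safe: the two-byte step lands exactly on pe, so both checks fire. Only when the step lands one beyond pe does == miss and >= still catch it, which is why the single-character change closes the overrun.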
Incidentals: What is Google Project Zero? And why does it exist? Pretty fascinating, actually:
Project Zero is the name of a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. It was announced on 15 July 2014. [wikipedia] https://en.wikipedia.org/wiki/Project_Zero_(Google)
The Wikipedia summary is definitely worth a read.
And the Project Zero blog:
#cloudbleed #cloudflare #GoogleProjectZero