Understanding and detecting disordered error handling with precise function pairing

Qiushi Wu, Aditya Pakki, Navid Emamdoost, Stephen McCamant, Kangjie Lu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Software programs may frequently encounter various errors such as allocation failures. Error handling aims to gracefully deal with the errors to avoid security and reliability issues, thus it is prevalent and vital. However, because of its complexity and corner cases, error handling itself is often erroneous, and prior research has primarily focused on finding bugs in the handling part, such as incorrect error-code returning or missing error propagation. In this paper, we propose and investigate a class of bugs in error-handling code from a different perspective. In particular, we find that programs often perform “cleanup” operations before the actual error handling, such as freeing memory or decreasing refcount. Critical bugs occur when these operations are performed (1) in an incorrect order, (2) redundantly, or (3) inadequately. We refer to such bugs as Disordered Error Handling (DiEH). Our investigation reveals that DiEH bugs are not only common but can also cause security problems such as privilege escalation, memory corruption, and denial-of-service. Based on the findings from the investigation, we then develop a system, HERO (Handling ERrors Orderly), to automatically detect DiEH. The core of HERO is a novel technique that precisely pairs both common and custom functions based on the unique error-handling structures, which allows us to infer expected cleanup functions. With HERO, we found 239 DiEH bugs in the Linux kernel, the FreeBSD kernel, and OpenSSL, which can cause security and reliability issues. The evaluation results show that DiEH is critical and widely exists in system software, and HERO is effective in detecting DiEH. We also believe that the precise function pairing is of independent interest in other research areas such as temporal-rule inference and race detection.

Original languageEnglish (US)
Title of host publicationProceedings of the 30th USENIX Security Symposium
PublisherUSENIX Association
Pages2041-2058
Number of pages18
ISBN (Electronic)9781939133243
StatePublished - 2021
Event30th USENIX Security Symposium, USENIX Security 2021 - Virtual, Online
Duration: Aug 11 2021Aug 13 2021

Publication series

NameProceedings of the 30th USENIX Security Symposium

Conference

Conference30th USENIX Security Symposium, USENIX Security 2021
CityVirtual, Online
Period8/11/218/13/21

Bibliographical note

Funding Information:
We thank our shepherd, Mathias Payer, and the anonymous reviewers for their helpful suggestions and comments. We are grateful to Linux maintainers for providing prompt feedback on patching the Linux kernel. The authors also thank Peng Le for helping implement function pairing. This research was supported in part by the NSF awards CNS-1815621 and CNS-1931208. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of NSF.

Publisher Copyright:
© 2021 by The USENIX Association. All rights reserved.

Fingerprint

Dive into the research topics of 'Understanding and detecting disordered error handling with precise function pairing'. Together they form a unique fingerprint.

Cite this