
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China (NDSS 2025) #456

@gfw-report


Title: Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
Authors: Shencha Fan, Jackson Sippe, Sakamoto San, Jade Sheffey, David Fifield, Amir Houmansadr, Elson Wedwards, Eric Wustrow
Paper (HTML): https://gfw.report/publications/ndss25/en/
Chinese translation (HTML): Wallbleed (墙出血): A memory disclosure vulnerability in the Great Firewall of China
Source code and open dataset
Slides (PDF)

Abstract

We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China. Wallbleed caused certain nation-wide censorship middleboxes to reveal up to 125 bytes of their memory when censoring a crafted DNS query. It afforded a rare insight into one of the Great Firewall’s well-known network attacks, namely DNS injection, in terms of its internal architecture and the censor’s operational behaviors.

To understand the causes and implications of Wallbleed, we conducted longitudinal and Internet-wide measurements for over two years from October 2021. We (1) reverse-engineered the injector’s parsing logic, (2) evaluated what information was leaked and how Internet users inside and outside of China were affected, and (3) monitored the censor’s patching behaviors over time. We identified possible internal traffic of the censorship system, analyzed its memory management and load-balancing mechanisms, and observed process-level changes in an injector node. We employed a new side channel to distinguish the injector’s multiple processes to assist our analysis. Our monitoring revealed that the censor coordinated an incorrect patch for Wallbleed in November 2023 and fully patched it in March 2024.

Wallbleed exemplifies that the harm censorship middleboxes impose on Internet users is even beyond their obvious infringement of freedom of expression. When implemented poorly, it also imposes severe privacy and confidentiality risks to Internet users.

Background and Timeline

The vulnerable DNS Injector was called "Injector 3" in the "Triplet Censor" paper (See Figure 4 of Anonymous et al., reading group: #47).
Note that while "Injector 3" is still online, its fingerprints have changed from those reported in the "Triplet Censor" paper since around late 2023 or early 2024.

This is not the first time (nor will it likely be the last) that a memory-disclosure vulnerability has been found in the Great Firewall of China.
As introduced in the "Related Work" section of the paper:

The past work that most resembles, and indeed inspires, our own is gfw-looking-glass.sh, a one-line shell script posted by @klzgrad from gfwrev in 2010 (Net4People post: #25). To the best of our knowledge, it was the first memory-dumping vulnerability in the GFW. DNS queries with a name truncated after the first byte of a 2-byte compression pointer caused the GFW’s DNS parser to treat nearby memory as part of the name, and leak it back in the injected response. This vulnerability was fixed prior to our discovery of Wallbleed. The script incidentally demonstrated that a query name containing an embedded dot character, 06 w u x . r u , was treated the same as one correctly split into separate labels, 03 w u x 02 r u , indicating that the GFW, at that time too, serialized the name to a dotted string before matching it against a blocklist, rather than matching on structured labels. In 2014, klzgrad found that the GFW’s DNS injector had ceased to interpret compression pointers, opening opportunities to evade DNS injection with queries that used pointers in unusual ways (https://gist.github.com/klzgrad/f124065c0616022b65e5).

Wallbleed was independently discovered by Sakamoto and Wedwards in 2023 (Net4People Reading group: #367). They analyzed the leaked data, inferred the characteristics of the GFW’s processes, and proposed several attacks leveraging this vulnerability. Apart from confirming their observations, we developed the study of Wallbleed further with longitudinal and Internet-wide measurements of more than two years since October 2021. We uncovered the root cause of Wallbleed, reconstructed the parsing logic in C code, used a novel side channel to identify individual processes in the vulnerable injector, examined affected IP addresses, and, after the first incomplete patch of November 2023, found the Wallbleed v2 vulnerability.
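As an added example, not code from the paper, its authors, or the GFW: a toy C model of the bug class the quoted Related Work passage describes. A naive parser serializes QNAME labels to a dotted string (so 06 "wux.ru" and 03 wux 02 ru compare equal), trusts label lengths, and reads the second byte of a compression pointer even when the packet ended after the first, so memory from behind the packet is copied into the name that a reply would echo back; a bounds-checked parser beside it rejects both malformed inputs. The 64-byte arena, the offsets, the '#' filler and the "secret" label are all constructed for this demo; the actual Wallbleed parsing logic is in the paper's source release, not here.

```c
/* Added example (not the paper's reconstructed parser and not GFW code): a naive
 * DNS QNAME parser that serializes labels to a dotted string without checking the
 * packet length, beside a bounds-checked one. Arena, offsets, "secret": constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12
#define MAX_HOPS    8   /* hypothetical pointer-hop limit, same in both parsers */

/* Arena: packet is mem[0 .. pkt_len); the rest is memory only an over-read reaches. */
typedef struct { uint8_t mem[64]; size_t pkt_len; } arena_t;
enum { Q_DOTTED, Q_SPLIT, Q_TRUNC_PTR, Q_LONG_LABEL };

/* Query (zero header, QTYPE/QCLASS omitted) plus the memory behind it: '#'
 * (0x23) filler to offset 28, a zero at 29, a label "secret" at offset 35. */
static void build_arena(arena_t *a, int kind)
{
    uint8_t *p = a->mem + DNS_HDR_LEN;
    memset(a->mem, 0, sizeof a->mem);
    switch (kind) {
    case Q_DOTTED:    memcpy(p, "\x06wux.ru", 8);    p += 8; break; /* dot inside one label */
    case Q_SPLIT:     memcpy(p, "\x03wux\x02ru", 8); p += 8; break; /* same name, two labels */
    case Q_TRUNC_PTR: memcpy(p, "\x03wux\xC0", 5);   p += 5; break; /* ends after 1st pointer byte */
    default:          memcpy(p, "\x10wu", 3);        p += 3; break; /* label claims 16, has 2 */
    }
    a->pkt_len = (size_t)(p - a->mem);
    memset(a->mem + a->pkt_len, '#', 29 - a->pkt_len);
    memcpy(a->mem + 35, "\x06secret", 8);
}

/* Vulnerable pattern: label lengths and pointer bytes are trusted and pkt_len is
 * never consulted, so a short packet makes the parser read, then echo, memory. */
static int qname_naive(const uint8_t *pkt, size_t pkt_len, size_t off,
                       char *out, size_t cap)
{
    size_t o = 0; int hops = 0;
    (void)pkt_len;                                     /* the bug, in one line */
    for (;;) {
        uint8_t len = pkt[off++];
        if (len == 0) break;
        if ((len & 0xC0) == 0xC0) {                    /* compression pointer */
            if (++hops > MAX_HOPS) return -1;
            off = ((size_t)(len & 0x3F) << 8) | pkt[off]; /* 2nd byte may lie past the packet */
            continue;
        }
        if (o + len + 2 > cap) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + off, len);               /* may copy past the packet */
        o += len; off += len;
    }
    out[o] = '\0';
    return (int)o;
}

/* Hardened counterpart: every read is checked against pkt_len, a pointer needs
 * both bytes in the packet and must land in it, the name is capped at 255. */
static int qname_safe(const uint8_t *pkt, size_t pkt_len, size_t off,
                      char *out, size_t cap)
{
    size_t o = 0; int hops = 0;
    for (;;) {
        if (off >= pkt_len) return -1;                 /* length byte missing */
        uint8_t len = pkt[off++];
        if (len == 0) break;
        if ((len & 0xC0) == 0xC0) {
            if (off >= pkt_len || ++hops > MAX_HOPS) return -1; /* truncated pointer */
            off = ((size_t)(len & 0x3F) << 8) | pkt[off];
            if (off >= pkt_len) return -1;             /* target outside packet */
            continue;
        }
        if (len & 0xC0) return -1;                     /* reserved label types */
        if (len > pkt_len - off) return -1;            /* label runs past packet */
        if (o + len + 2 > cap || o + len + 1 > 255) return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + off, len);
        o += len; off += len;
    }
    out[o] = '\0';
    return (int)o;
}

/* Parse one constructed packet: dotted name (static buffer) or NULL if rejected. */
static const char *parse_kind(int kind, int hardened)
{
    static char out[2][256];                           /* one buffer per parser */
    arena_t a;
    build_arena(&a, kind);
    int n = (hardened ? qname_safe : qname_naive)(a.mem, a.pkt_len, DNS_HDR_LEN,
                                                  out[hardened], 256);
    return n < 0 ? NULL : out[hardened];
}

int main(void)
{
    for (int k = Q_DOTTED; k <= Q_LONG_LABEL; k++)
        printf("packet %d  naive: %-16s hardened: %s\n", k,
               parse_kind(k, 0) ? parse_kind(k, 0) : "(rejected)",
               parse_kind(k, 1) ? parse_kind(k, 1) : "(rejected)");
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run: both parsers turn the two "wux.ru" encodings into the same string, which is the serialize-then-match behaviour the quoted passage infers; for the truncated pointer the naive parser returns "wux.secret" (the pointer's low byte and the "secret" label both came from behind the packet) and for the over-long label it returns "wu" followed by 14 bytes of filler, while the hardened parser returns NULL for both. Whatever lands in that dotted name is what an injector that echoes the query name back would leak.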

Labels: China, reading group (summaries and discussions of research papers and other publications)