Heart Bleed

CVE-2014-0160

OpenSSL 1.0.1f, Fixed in 1.0.1g

tlsl_process_heartbeat() in t1_lib.c


// 2553 
int tls1_process_heartbeat(SSL *s){
        unsigned char *p = &s->s3->rrec.data[0], *pl;                                                                   
        unsigned short hbtype;                                                                                          
        unsigned int payload;                                                                                           
        unsigned int padding = 16; /* Use minimum padding */                                                            
                                                                                                                        
        /* Read type and payload length first */                                                                        
        hbtype = *p++;                                                                                                  
        n2s(p, payload);                                                                                                
        pl = p;                                                                                                         
                                                                                                                        
        if (s->msg_callback)                                                                                            
                s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,                                                       
                        &s->s3->rrec.data[0], s->s3->rrec.length,                                                       
                        s, s->msg_callback_arg);                                                                        
                                                                                                                        
        if (hbtype == TLS1_HB_REQUEST)                                                                                  
                {                                                                                                       
                unsigned char *buffer, *bp;                                                                             
                int r;                                                                                                  
                                                                                                                        
                /* Allocate memory for the response, size is 1 bytes                                                    
                 * message type, plus 2 bytes payload length, plus                                                      
                 * payload, plus padding                                                                                
                 */                                                                                                     
                buffer = OPENSSL_malloc(1 + 2 + payload + padding);                                                     
                bp = buffer;                                                                                            
                                                                                                                        
                /* Enter response type, length and copy payload */                                                      
                *bp++ = TLS1_HB_RESPONSE;                                                                               
                s2n(payload, bp);                                                                                       
                memcpy(bp, pl, payload);                                                                                
                bp += payload;                                                                                          
                /* Random padding */                                                                                    
                RAND_pseudo_bytes(bp, padding);                                                                         
                                                                                                                        
                r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);                              
                                     
                                     ...
}

Reference 1


  1. reference ↩
Created Feb 21, 2020 // Last Updated May 18, 2021

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?