Logo
RSS Feed

💔 Heartbleed

Created: 12.05.2023

This is about … .

Mechanics

Code

From ChatGPT, to verify:

struct {
    unsigned short length;
    unsigned char payload[1]; /* OpenSSL makes this 1 for flexibility */
} HeartbeatMessage;

void tls_process_heartbeat(SSL *s)
{
    unsigned char *buffer, *p;
    unsigned short hbtype;
    unsigned int payload;
    unsigned int padding = 16; /* Use minimum padding */

    /* Read type and payload length first */
    hbtype = *p++;
    n2s(p, payload);
    buffer = OPENSSL_malloc(1 + 2 + payload + padding);
    p = buffer;

    /* Enter response type, length and copy payload */
    *p++ = TLS1_HB_RESPONSE;
    s2n(payload, p);
    memcpy(p, &s->s3->rrec.data[0], payload);

    /* ... send the heartbeat message ... */

    OPENSSL_free(buffer);
}

References

Expand… Something here