Originally Posted by
cogset
I'd like to understand a bit more about this thing: this openssl vulnerability.
In a heartbeat, Robin Seggelmann < seggelmann at fh-muenster.de > submitted this line of code which was committed an hour before midnight on New Year's Eve, 2011 by Stephen Henson < steve at openssl.org >.
buffer = OPENSSL_malloc(1 + 2 + payload + padding);
That line of code is only present in OpenSSL versions between 1.0.1 and 1.0.1f, including betas; anything older or newer and the bug isn’t present.
The fix was simply to limit the payload plus padding to 16 bytes:
Code:
- /* Read type and payload length first */ |
- hbtype = *p++; |
- n2s(p, payload); |
- pl = p; |
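Review bot: in the removed `n2s(p, payload);` line, `payload` is taken directly from the peer's message, and none of the four removed lines compares it with the number of bytes actually received. Only the removed side of the change is shown here, so the replacement read should be shown as well; it needs to reject the message when the type, length, claimed payload and padding together exceed the record length, before `payload` is used to size anything.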
And, to not allow the heartbeat to exceed its maximum length:
Code:
unsigned int write_length = 1 /* heartbeat type */ +
+ 2 /* heartbeat length */ +
+ payload + padding;
+ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH)
+ return 0;
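Review bot: the `write_length > SSL3_RT_MAX_PLAIN_LENGTH` test bounds the size of the response, but nothing in this hunk ties `payload` to the length of the record that was received, so it cannot stand in for a bound on the incoming message. The first line of the declaration also carries no `+` marker while its continuation lines do, and the bare `return 0;` would benefit from a comment saying what a zero return means to the caller.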
Of course, if the attacker went to the effort to save previous pcaps of traffic (are you listening GCHQ, NSA, FIS, MPS, etc?), that attacker could just pull the private key from the site and decrypt all saved communications.
The user needs to do a few things themselves.
For example, most users' web browsers are set, by default, to NOT check for revoked certificates!
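As an added illustration (not part of the original post and not OpenSSL's code), here is a minimal heartbeat responder in C that applies two length checks: the claimed payload length against the bytes actually received, and the response size against the maximum plaintext length as in the second snippet above. The names `hb_respond`, `demo_consistent` and `demo_inconsistent` are hypothetical, the message layout and 16-byte minimum padding follow RFC 6520, and zero-filled padding is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST        1
#define HB_RESPONSE       2
#define HB_MIN_PADDING    16     /* RFC 6520: at least 16 bytes of padding */
#define MAX_PLAIN_LENGTH  16384  /* value of SSL3_RT_MAX_PLAIN_LENGTH */

/* Hypothetical helper: build a heartbeat response into out.
 * Returns the response length, or 0 when the request is discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    /* A valid message holds type (1) + length (2) + minimum padding. */
    if (rec_len < 1 + 2 + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    /* The claimed payload length comes from the peer and is untrusted. */
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    /* The claim must fit inside the bytes that actually arrived. */
    if (1 + 2 + payload + HB_MIN_PADDING > rec_len)
        return 0;
    /* The response must not exceed the maximum plaintext record size. */
    size_t write_length = 1 + 2 + payload + HB_MIN_PADDING;
    if (write_length > MAX_PLAIN_LENGTH || write_length > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);             /* echo only received bytes */
    memset(out + 3 + payload, 0, HB_MIN_PADDING);  /* zero padding: simplification */
    return write_length;
}

/* Constructed sample: claimed length 5 matches the 5 payload bytes sent. */
size_t demo_consistent(void)
{
    uint8_t rec[1 + 2 + 5 + HB_MIN_PADDING] = { HB_REQUEST, 0x00, 0x05, 'h','e','l','l','o' };
    uint8_t out[64];
    return hb_respond(rec, sizeof rec, out, sizeof out);
}

/* Constructed sample: same bytes, but the length field claims 0x4000. */
size_t demo_inconsistent(void)
{
    uint8_t rec[1 + 2 + 5 + HB_MIN_PADDING] = { HB_REQUEST, 0x40, 0x00, 'h','e','l','l','o' };
    uint8_t out[64];
    return hb_respond(rec, sizeof rec, out, sizeof out);
}
```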