I am not an OpenSSL expert and here is just my observation.

TLS frames messages into length-prefixed "records". Each record has a
1-byte contentType and a 2-byte record length, followed by the record
content and MAC.

Heartbeat messages are TLS records with contentType 24 of this content format:

   struct {
      HeartbeatMessageType type;
      uint16 payload_length;
      opaque payload[HeartbeatMessage.payload_length];
      opaque padding[padding_length];
   } HeartbeatMessage;

Note that there are two length fields involved, the TLS record length
and the heartbeat message payload_length. It is possible to construct
a heartbeat message whose heartbeat payload_length is larger than
the record length. The TLS heartbeat protocol further requires that
the respondent to a heartbeat request should copy the payload to the
response. Failing to bounds-check the heartbeat message payload_length,
OpenSSL may copy the memory region beyond the incoming record buffer
to the response buffer. The 64k limit is the maximum possible size of
a TLS record because the length is 2 bytes long.

Edwin


On Mon, Apr 7, 2014 at 7:14 PM,  <[email protected]> wrote:
> The git blame in a heartbeat:
>
> http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db9023b881d7cd9f379b0c154650d6c108e9a3
>
> The big question is:
>
> Seeing these diff lines, how does one reveal 64k of memory?
> The first who codes is the first who posts.
>
> _______________________________________________
> cryptography mailing list
> [email protected]
> http://lists.randombit.net/mailman/listinfo/cryptography
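The two-length-fields point above, as an added example that is not code from the original post or from OpenSSL: a toy heartbeat responder in C whose payload_length check can be switched off (reproducing the pre-fix logic) or on (the two comparisons against the record length that the upstream fix introduced). The function names, the 3-byte forged request, and the sentinel bytes placed directly after it are all constructed for this demonstration; nothing here is real key material. In a real server the bytes past the record are whatever the heap happened to hold; here they sit in a buffer we control so the program itself stays memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HeartbeatMessage layout from the post (RFC 6520): 1-byte type,
 * 2-byte payload_length, payload, then at least 16 bytes of padding. */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16

/* Build the heartbeat response for one received record (hypothetical
 * responder written for this example).
 *
 * rec/rec_len is the record *content* as delivered by the record layer,
 * so rec_len is the authoritative length. payload_length is read from
 * inside the record and is attacker-controlled.
 *
 * bounds_check == 0 reproduces the pre-fix logic: payload_length is
 * trusted and memcpy reads past the record when it is too large.
 * bounds_check != 0 adds the comparisons against rec_len that the
 * upstream fix introduced, and silently discards a malformed record.
 *
 * Returns the number of response bytes written, or -1 if discarded. */
int hb_respond(const unsigned char *rec, size_t rec_len,
               unsigned char *resp, size_t resp_cap, int bounds_check)
{
    if (bounds_check && 1 + 2 + HB_PADDING > rec_len)
        return -1;                 /* too short for header + minimum padding */
    if (rec_len < 3)
        return -1;                 /* demo hygiene only: keeps the header read in bounds */

    const unsigned char *p = rec;
    unsigned char type = *p++;
    uint16_t payload_len = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;

    if (type != HB_REQUEST)
        return -1;
    if (bounds_check && 1 + 2 + (size_t)payload_len + HB_PADDING > rec_len)
        return -1;                 /* the missing check: payload must fit inside the record */

    size_t out = 1 + 2 + (size_t)payload_len + HB_PADDING;
    if (out > resp_cap)
        return -1;

    unsigned char *q = resp;
    *q++ = HB_RESPONSE;
    *q++ = (unsigned char)(payload_len >> 8);
    *q++ = (unsigned char)(payload_len & 0xff);
    memcpy(q, p, payload_len);     /* copies whatever follows the record in memory */
    q += payload_len;
    memset(q, 0, HB_PADDING);      /* stand-in for the random padding */
    return (int)out;
}

/* Constructed input: a 3-byte heartbeat request whose payload_length field
 * claims 40 bytes, placed in a buffer directly followed by bytes that
 * belong to something else entirely. */
#define REC_LEN   3
#define CLAIMED   40
static const char sentinel[] = "PRIVATE KEY MATERIAL SITTING PAST THE RECORD";

static void build_backing(unsigned char *buf, size_t cap)
{
    memset(buf, 0, cap);
    buf[0] = HB_REQUEST;
    buf[1] = (unsigned char)(CLAIMED >> 8);
    buf[2] = (unsigned char)(CLAIMED & 0xff);
    memcpy(buf + REC_LEN, sentinel, strlen(sentinel));
}

/* 1 if the unchecked responder echoes back the 40 sentinel bytes that
 * lie beyond the 3-byte record, 0 otherwise. */
int vulnerable_leaks(void)
{
    unsigned char backing[64], resp[128];
    build_backing(backing, sizeof backing);
    int n = hb_respond(backing, REC_LEN, resp, sizeof resp, 0);
    return n == 1 + 2 + CLAIMED + HB_PADDING &&
           memcmp(resp + 3, sentinel, CLAIMED) == 0;
}

/* 1 if the bounds-checked responder discards the same forged record. */
int fixed_rejects(void)
{
    unsigned char backing[64], resp[128];
    build_backing(backing, sizeof backing);
    return hb_respond(backing, REC_LEN, resp, sizeof resp, 1) == -1;
}

/* 1 if the bounds-checked responder still echoes a well-formed request. */
int fixed_echoes_honest(void)
{
    unsigned char rec[1 + 2 + 4 + HB_PADDING] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    unsigned char resp[128];
    int n = hb_respond(rec, sizeof rec, resp, sizeof resp, 1);
    return n == (int)sizeof rec && resp[0] == HB_RESPONSE &&
           memcmp(resp + 3, "ping", 4) == 0;
}

int main(void)
{
    printf("unchecked responder leaks memory past the record: %s\n",
           vulnerable_leaks() ? "yes" : "no");
    printf("checked responder discards the forged record:    %s\n",
           fixed_rejects() ? "yes" : "no");
    printf("checked responder answers an honest request:     %s\n",
           fixed_echoes_honest() ? "yes" : "no");
    return 0;
}
```

The only difference between the two paths is the pair of comparisons against rec_len: the record layer already knows how many bytes arrived, so any payload_length that does not fit in rec_len minus the 3-byte header and the 16-byte minimum padding is a lie and the record is dropped. Everything else (reading payload_length, copying it into the response) is identical, which is why the bug was a one-line omission rather than a design flaw.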