Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS: add detection for malicious heartbeats (AKA heartbleed) #924

Merged
merged 1 commit into from Apr 9, 2014
Merged

TLS: add detection for malicious heartbeats (AKA heartbleed) #924

merged 1 commit into from Apr 9, 2014

Conversation

chifflier
Copy link
Contributor

The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.

@pc-anssi
TLS: add detection for malicious heartbeats (AKA heartbleed)
d476c65 
The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.
@chifflier chifflier mentioned this pull request Apr 9, 2014
Closed
@inliniac
Copy link
Contributor

inliniac commented Apr 9, 2014

Prscript is happy:

@inliniac inliniac merged commit d476c65 into OISF:master Apr 9, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@chifflier @inliniac @pc-anssi