Notice a difference in the Internet-Draft and the final RFC:

https://tools.ietf.org/html/draft-seggelmann-tls-dtls-heartbeat-01
vs.
https://tools.ietf.org/html/rfc6520

The draft leaves out the length, as if implementations will read in the payload as a null-terminated string. Implementation of the draft under those assumptions would not have led to a security compromise, and I have to believe the authors of the draft had a working test implementation of their draft specification.

IMHO, the RFC and the OpenSSL reference implementation were designed to intentionally introduce this security vulnerability.

Prior drafts and RFCs from R. Seggelmann attribute his employment to T-Systems, a subsidiary of T-Mobile, a subsidiary of Deutsche Telekom, formerly a state-owned monopoly which continues to maintain a close relationship with BND (Federal Intelligence Service).