If the system has a vulnerable version of OpenSSL, and the
admin has told us to allow it, we want to catch and stop
the problem.
unsigned int (*record_minus)(record_t *buf, void *ptr,
unsigned int size);
+ bool invalid_hb_used;
/*
* Framed-MTU attribute in RADIUS,
state->info.handshake_type = ((unsigned char const *)buf)[0];
state->info.alert_level = 0x00;
state->info.alert_description = 0x00;
+
+#ifdef SSL3_RT_HEARTBEAT
+ } else if (content_type == TLS1_RT_HEARTBEAT) {
+ uint8_t *p = buf;
+
+ if ((len >= 3) && (p[0] == 1)) {
+ size_t payload_len;
+
+ payload_len = (p[1] << 8) | p[2];
+
+ if ((payload_len + 3) > len) {
+ state->invalid_hb_used = true;
+ ERROR("OpenSSL Heartbeat attack detected. Closing connection");
+ return;
+ }
+ }
+#endif
}
tls_session_information(state);
}
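Review bot: The `#ifdef SSL3_RT_HEARTBEAT` guard that opens the new branch keys the whole check on a different macro than the branch itself uses (`content_type == TLS1_RT_HEARTBEAT`); should a build define one without the other, the detection is either silently compiled out or fails to compile, so the guard should test the macro it depends on, `#ifdef TLS1_RT_HEARTBEAT`. The literal in `p[0] == 1` is the heartbeat_request message type and reads better as OpenSSL's named constant, `if ((len >= 3) && (p[0] == TLS1_HB_REQUEST)) {`, with a comment above it naming the wire layout, e.g. `/* heartbeat: type(1) | payload_length(2) | payload | padding; reject a request whose declared payload exceeds the record */`. Only requests are length-checked and responses pass untouched, which looks intentional but deserves a word in that comment. The enclosing callback begins before the hunk; only its closing brace is visible at the end.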
{
int err;
+ if (ssn->invalid_hb_used) return 0;
+
err = BIO_write(ssn->into_ssl, ssn->dirty_in.data, ssn->dirty_in.used);
if (err != (int) ssn->dirty_in.used) {
RDEBUG("Failed writing %d to SSL BIO: %d", ssn->dirty_in.used,