[pro] Heartbleed?

Scott L. Burson Scott at sympoiesis.com
Wed Apr 23 17:46:20 UTC 2014


On Wed, Apr 23, 2014 at 1:06 AM, Max Rottenkolber <max at mr.gy> wrote:
>> From what I understand about the bug (I have not seen the code) it sounds
> like data length information
>> arrived both directly and indirectly in the client message and that a
> conflict between them was not
>> scrutinized.
>
> No. The bug was that the keep alive protocol in SSL mandates the server to
> echo arbitrary data back to the client. The bounds checks were wrong too,
> but at that stage it really doesn't matter. The design is just plain wrong.

It is a bit curious that the protocol mandates this echoing, and one
could certainly debate whether this is good protocol design, but as
far as the actual vulnerability goes, David's characterization is
accurate.  The heartbeat request arrives with some number of bytes of
data attached to it, and also with a length field that tells the
server how many bytes the client would like echoed back.  There was no
check that the client didn't request more bytes be echoed than it had
actually sent.

-- Scott




More information about the pro mailing list