
Untitled

a guest
Apr 7th, 2014
  1. $ diff -r openssl-1.0.1f/ssl/t1_lib.c openssl-1.0.1g/ssl/t1_lib.c
  2.  
  3.  
  4.  
  5. #ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
  6. int int
  7. tls1_process_heartbeat(SSL *s) tls1_process_heartbeat(SSL *s)
  8. { {
  9. unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned char *p = &s->s3->rrec.data[0], *pl;
  10. unsigned short hbtype; unsigned short hbtype;
  11. unsigned int payload; unsigned int payload;
  12. unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
  13.  
  14. /* Read type and payload length first */ <
  15. hbtype = *p++; <
  16. n2s(p, payload); <
  17. pl = p; <
  18. <
  19. if (s->msg_callback) if (s->msg_callback)
  20. s->msg_callback(0, s->version, TLS1_RT_HEARTB s->msg_callback(0, s->version, TLS1_RT_HEARTB
  21. &s->s3->rrec.data[0], s->s3->rrec.len &s->s3->rrec.data[0], s->s3->rrec.len
  22. s, s->msg_callback_arg); s, s->msg_callback_arg);
  23.  
  24. > /* Read type and payload length first */
  25. > if (1 + 2 + 16 > s->s3->rrec.length)
  26. > return 0; /* silently discard */
  27. > hbtype = *p++;
  28. > n2s(p, payload);
  29. > if (1 + 2 + payload + 16 > s->s3->rrec.length)
  30. > return 0; /* silently discard per RFC 6520 se
  31. > pl = p;
  32. >
  33. if (hbtype == TLS1_HB_REQUEST) if (hbtype == TLS1_HB_REQUEST)
  34. { {
  35. unsigned char *buffer, *bp; unsigned char *buffer, *bp;
  36. int r; int r;
  37.  
  38. /* Allocate memory for the response, size is /* Allocate memory for the response, size is
  39. * message type, plus 2 bytes payload length, * message type, plus 2 bytes payload length,
  40. * payload, plus padding * payload, plus padding
  41. */ */
  42. buffer = OPENSSL_malloc(1 + 2 + payload + pad buffer = OPENSSL_malloc(1 + 2 + payload + pad
  43. bp = buffer; bp = buffer;
  44.  
  45. /* Enter response type, length and copy paylo /* Enter response type, length and copy paylo
  46. *bp++ = TLS1_HB_RESPONSE; *bp++ = TLS1_HB_RESPONSE;
  47. s2n(payload, bp); s2n(payload, bp);
  48. memcpy(bp, pl, payload); memcpy(bp, pl, payload);
  49. bp += payload; bp += payload;
  50. /* Random padding */ /* Random padding */
  51. RAND_pseudo_bytes(bp, padding); RAND_pseudo_bytes(bp, padding);
  52.  
  53. r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, bu r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, bu
  54.  
  55. if (r >= 0 && s->msg_callback) if (r >= 0 && s->msg_callback)
  56. s->msg_callback(1, s->version, TLS1_R s->msg_callback(1, s->version, TLS1_R
  57. buffer, 3 + payload + padding buffer, 3 + payload + padding
  58. s, s->msg_callback_arg); s, s->msg_callback_arg);
  59.  
  60. OPENSSL_free(buffer); OPENSSL_free(buffer);
  61.  
  62. if (r < 0) if (r < 0)
  63. return r; return r;
  64. } }
  65. else if (hbtype == TLS1_HB_RESPONSE) else if (hbtype == TLS1_HB_RESPONSE)
  66. { {
  67. unsigned int seq; unsigned int seq;
  68.  
  69. /* We only send sequence numbers (2 bytes uns /* We only send sequence numbers (2 bytes uns
  70. * and 16 random bytes, so we just try to rea * and 16 random bytes, so we just try to rea
  71. * sequence number */ * sequence number */
  72. n2s(pl, seq); n2s(pl, seq);
  73.  
  74. if (payload == 18 && seq == s->tlsext_hb_seq) if (payload == 18 && seq == s->tlsext_hb_seq)
  75. { {
  76. s->tlsext_hb_seq++; s->tlsext_hb_seq++;
  77. s->tlsext_hb_pending = 0; s->tlsext_hb_pending = 0;
  78. } }
  79. } }
  80.  
  81. return 0; return 0;
  82. } }
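Review bot: The result of `OPENSSL_malloc` in the `TLS1_HB_REQUEST` branch is still used unchecked on the new side: `bp = buffer;` is followed directly by `*bp++ = TLS1_HB_RESPONSE;` and the `memcpy`, so an allocation failure becomes a write through NULL. A guard such as `if (buffer == NULL) return -1;` right after the allocation would close that, assuming a negative return is how callers see failure here, as the existing `if (r < 0) return r;` path suggests. The two added length checks hard-code `16` although the function already declares `padding = 16`; writing `if (1 + 2 + payload + padding > s->s3->rrec.length)` keeps the bound and the allocation size tied to one value. The side-by-side output truncates long lines, so the full malloc and callback arguments are not visible here and should be confirmed against the file.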