Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $ diff -r openssl-1.0.1f/ssl/t1_lib.c openssl-1.0.1g/ssl/t1_lib.c
- #ifndef OPENSSL_NO_HEARTBEATS #ifndef OPENSSL_NO_HEARTBEATS
- int int
- tls1_process_heartbeat(SSL *s) tls1_process_heartbeat(SSL *s)
- { {
- unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned char *p = &s->s3->rrec.data[0], *pl;
- unsigned short hbtype; unsigned short hbtype;
- unsigned int payload; unsigned int payload;
- unsigned int padding = 16; /* Use minimum padding */ unsigned int padding = 16; /* Use minimum padding */
- /* Read type and payload length first */ <
- hbtype = *p++; <
- n2s(p, payload); <
- pl = p; <
- <
- if (s->msg_callback) if (s->msg_callback)
- s->msg_callback(0, s->version, TLS1_RT_HEARTB s->msg_callback(0, s->version, TLS1_RT_HEARTB
- &s->s3->rrec.data[0], s->s3->rrec.len &s->s3->rrec.data[0], s->s3->rrec.len
- s, s->msg_callback_arg); s, s->msg_callback_arg);
- > /* Read type and payload length first */
- > if (1 + 2 + 16 > s->s3->rrec.length)
- > return 0; /* silently discard */
- > hbtype = *p++;
- > n2s(p, payload);
- > if (1 + 2 + payload + 16 > s->s3->rrec.length)
- > return 0; /* silently discard per RFC 6520 se
- > pl = p;
- >
- if (hbtype == TLS1_HB_REQUEST) if (hbtype == TLS1_HB_REQUEST)
- { {
- unsigned char *buffer, *bp; unsigned char *buffer, *bp;
- int r; int r;
- /* Allocate memory for the response, size is /* Allocate memory for the response, size is
- * message type, plus 2 bytes payload length, * message type, plus 2 bytes payload length,
- * payload, plus padding * payload, plus padding
- */ */
- buffer = OPENSSL_malloc(1 + 2 + payload + pad buffer = OPENSSL_malloc(1 + 2 + payload + pad
- bp = buffer; bp = buffer;
- /* Enter response type, length and copy paylo /* Enter response type, length and copy paylo
- *bp++ = TLS1_HB_RESPONSE; *bp++ = TLS1_HB_RESPONSE;
- s2n(payload, bp); s2n(payload, bp);
- memcpy(bp, pl, payload); memcpy(bp, pl, payload);
- bp += payload; bp += payload;
- /* Random padding */ /* Random padding */
- RAND_pseudo_bytes(bp, padding); RAND_pseudo_bytes(bp, padding);
- r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, bu r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, bu
- if (r >= 0 && s->msg_callback) if (r >= 0 && s->msg_callback)
- s->msg_callback(1, s->version, TLS1_R s->msg_callback(1, s->version, TLS1_R
- buffer, 3 + payload + padding buffer, 3 + payload + padding
- s, s->msg_callback_arg); s, s->msg_callback_arg);
- OPENSSL_free(buffer); OPENSSL_free(buffer);
- if (r < 0) if (r < 0)
- return r; return r;
- } }
- else if (hbtype == TLS1_HB_RESPONSE) else if (hbtype == TLS1_HB_RESPONSE)
- { {
- unsigned int seq; unsigned int seq;
- /* We only send sequence numbers (2 bytes uns /* We only send sequence numbers (2 bytes uns
- * and 16 random bytes, so we just try to rea * and 16 random bytes, so we just try to rea
- * sequence number */ * sequence number */
- n2s(pl, seq); n2s(pl, seq);
- if (payload == 18 && seq == s->tlsext_hb_seq) if (payload == 18 && seq == s->tlsext_hb_seq)
- { {
- s->tlsext_hb_seq++; s->tlsext_hb_seq++;
- s->tlsext_hb_pending = 0; s->tlsext_hb_pending = 0;
- } }
- } }
- return 0; return 0;
- } }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement