Varga-Perke Bálint, Silent Signal Kft.
"TLS is based on reliable protocols, but there is not necessarily a feature available to keep the connection alive without continuous data transfer.
The Heartbeat Extension as described in this document overcomes these limitations. The user can use the new HeartbeatRequest message, which has to be answered by the peer with a HeartbeartResponse immediately. To perform PMTU discovery, HeartbeatRequest messages containing padding can be used as probe packets, as described in [RFC4821]."
unsigned char *p = &s->s3->rrec.data, *pl; //... hbtype = *p++; n2s(p, payload); // read payload length pl = p; //... buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; //... *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); // write payload length memcpy(bp, pl, payload); // memcpy(void * dst,const void * src,size_t num)
"But around that time OpenSSL adds a wrapper around malloc & free so that the library will cache memory on it's own, and not free it to the protective malloc."
The minute we identified the severity of the threat, we declared what we call a “Security Prio1” status[...]
With all hands on deck, we were able to work with rapid efficiency, and we patched all our servers just within a few hours.
- Applied the security patch to every one of our known vulnerable servers–more than 100 of them
- Identified corner-cases, such as services that didn’t restart automatically
- Detected and assessed third-party service providers (e.g. Amazon ELBs)
- Changed our SSL certificates, and requested the revocation of the old ones
- Wrote monitoring to detect which services were unpatched or were using compromised certificates
- Performed a forced log-out of every user to renew their session cookies. (Since we use signed session cookies, we also needed to invalidate the old ones)
- Assessed the impact on the users
A CA-k szemszögéből...
--- src/lib/libssl/src/crypto/bn/bn_lib.c 2014/04/17 14:37:48 1.18 +++ src/lib/libssl/src/crypto/bn/bn_lib.c 2014/04/23 20:14:59 1.19 @@ -345,10 +345,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, i case 3: A=B; case 2: A=B; case 1: A=B; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */