MINOR: ssl: finally catch the heartbeats missing the padding
Previous patch only focused on parsing the packet right and blocking
it, so it relaxed one test on the packet length. The difference is
not usable for attacking but the logs will not report an attack for
such cases, which is probably bad. Better report all known invalid
packets cases.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 4a9d04e..473c3c9 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -199,13 +199,13 @@
if (*p != TLS1_HB_REQUEST)
return;
- if (len < 3)
+ if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
goto kill_it;
payload = (p[1] * 256) + p[2];
if (3 + payload + 16 <= len)
return; /* OK no problem */
-
+ kill_it:
/* We have a clear heartbleed attack (CVE-2014-0160), the
* advertised payload is larger than the advertised packet
* length, so we have garbage in the buffer between the
@@ -218,7 +218,6 @@
* above as SSL_ERROR_SSL while an other handshake failure with
* a heartbeat message will be reported as SSL_ERROR_SYSCALL.
*/
- kill_it:
ssl->max_send_fragment = 0;
SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
return;