On 10/04/14 00:41, Stephen Farrell wrote:
> Well, the RFC [1] (end of p5) does say :
>
>    If the payload_length of a received HeartbeatMessage is too large,
>    the received HeartbeatMessage MUST be discarded silently.
>
> I guess that doesn't say "longer than actual payload" though so
> it doesn't explicitly call out the case that caused the problem.

But it also says:

   the receiver MUST send a corresponding HeartbeatResponse message
   carrying an exact copy of the payload of the received
   HeartbeatRequest

If you don't consider that a payload_length longer than actual payload is "too large", then an exact copy of the payload should still be the same length as the original actual payload.

> I figure there are some protocol design lessons maybe.

Oh yes, the protocol design is absolutely among the things that lead to the implementation error. (There's also the fact that OpenSSL responds to heartbeat messages during a handshake, when the RFC says they SHOULD be discarded. If it had said they MUST be discarded, perhaps that mitigation would have been done.)

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
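The two RFC 6520 requirements discussed in this thread (discard a request whose payload_length is too large, otherwise echo an exact copy of the payload), plus the handshake case, as an added example that is not part of the original posts or of OpenSSL; the function name, the handshake_in_progress flag and the sample request bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16 /* RFC 6520: padding_length MUST be at least 16 */

/* Parse one HeartbeatRequest (the TLS record body) and, if acceptable, write
 * the HeartbeatResponse into out. Returns the response length, or 0 when the
 * request must be silently discarded. */
size_t heartbeat_respond(const uint8_t *rec, size_t rec_len,
                         int handshake_in_progress, uint8_t *out, size_t out_cap)
{
    if (handshake_in_progress) return 0;            /* SHOULD be discarded mid-handshake */
    if (rec_len < 1 + 2 + HB_MIN_PADDING) return 0; /* header + minimum padding must fit */
    if (rec[0] != HB_REQUEST) return 0;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    /* The check Heartbleed lacked: payload_length claims more bytes than the
     * record carries, so it is "too large" and the message is discarded. */
    if ((size_t)1 + 2 + payload_len + HB_MIN_PADDING > rec_len) return 0;
    size_t resp_len = 1 + 2 + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, rec + 3, payload_len);            /* exact copy, now bounded */
    memset(out + 3 + payload_len, 0, HB_MIN_PADDING); /* padding; real code uses random bytes */
    return resp_len;
}

/* Constructed sample request: 5-byte payload "hello" plus 16 bytes of padding. */
static const uint8_t SAMPLE_REQ[24] = { HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
                                        0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Returns 1 if the well-formed request is answered by an exact 5-byte echo. */
int demo_well_formed(void)
{
    uint8_t out[64];
    size_t n = heartbeat_respond(SAMPLE_REQ, sizeof SAMPLE_REQ, 0, out, sizeof out);
    return n == 24 && out[0] == HB_RESPONSE && memcmp(out + 3, "hello", 5) == 0;
}
/* Same record with payload_length rewritten to 0xFFFF: returns 0 (discarded). */
size_t demo_oversized(void)
{
    uint8_t req[sizeof SAMPLE_REQ], out[64];
    memcpy(req, SAMPLE_REQ, sizeof req);
    req[1] = req[2] = 0xff;
    return heartbeat_respond(req, sizeof req, 0, out, sizeof out);
}
```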