]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab50387) | patch
TLS: add detection for malicious heartbeats (AKA heartbleed) 924/head
authorPierre Chifflier <pierre.chifflier@ssi.gouv.fr>
Wed, 9 Apr 2014 07:52:00 +0000 (09:52 +0200)
committerPierre Chifflier <pierre.chifflier@ssi.gouv.fr>
Wed, 9 Apr 2014 09:00:51 +0000 (11:00 +0200)
commitd476c654eea7cfa47c31f1d0a9901c1759c2da5e
tree30bc0384720eae474d23f332c8750ef1fc7f6584tree
parentab503873caa771ca2aa9e0c7e4c5fbc5a6498280commit | diff
TLS: add detection for malicious heartbeats (AKA heartbleed)

The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.
rules/tls-events.rules diff | blob | blame | history
src/app-layer-ssl.c diff | blob | blame | history
src/app-layer-ssl.h diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git