[gnutls-devel] An (historical) heartbeat.c issue more relevant to Heartbleed

Peter Dettman peter.dettman at bouncycastle.org
Sat Apr 12 08:37:58 CEST 2014

Hi All,
I would like to draw the list's attention to this commit of heartbeat.c:

Putting aside the error in setting the message type, let's look at the 
_gnutls_write_uint16 call. This call is necessary to correctly set the 
HeartbeatMessage.payload_length field, and was apparently an oversight 
in the previous commit which migrated from the use of gnutls_buffer_st.

In the absence of the payload_length being set correctly, it actually is 
written to from the random data of the payload itself (or perhaps 
padding if the payload is short). It seems clear that at least some of 
those generated packets will therefore be malformed in the precise 
manner associated with the Heartbleed vulnerability.

The previous commit also introduced the ability to disable heartbeats 
when building, but AFAICT, they remained enabled by default. At a 
cursory analysis, the affected releases are/were: 3.1.7, 3.1.8, 3.1.9, 
3.1.10. Those presently scouring their logs for evidence of the 
Heartbleed attack in the wild may need to take this into account.

I have not yet confirmed this behaviour with actual builds, and would 
welcome corrections on any of the above.

Pete Dettman
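As an added illustration (not GnuTLS code, and not part of the original post), the following models the RFC 6520 HeartbeatMessage layout and the receiver-side length check, assuming the RFC's 16-byte minimum padding and a constructed xorshift PRNG in place of the library's RNG; a sender that fills the buffer with random bytes but never writes payload_length, as described above, yields messages that a checking receiver must drop.

```c
/* Added example (not GnuTLS code): RFC 6520 HeartbeatMessage layout and the
   receiver-side length check.  Models the bug described above: a sender that
   fills the whole message with random bytes but never writes payload_length. */
#include <stdint.h>
#include <stddef.h>

#define HB_HDR_LEN 3       /* type(1) + payload_length(2) */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding (assumed here) */

/* Equivalent of the missing _gnutls_write_uint16 call (big-endian). */
static void write_uint16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static uint16_t read_uint16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Tiny deterministic PRNG (constructed for reproducibility; seed must be non-zero). */
static uint32_t xorshift(uint32_t *s) { *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5; return *s; }

/* Build a heartbeat message with payload_len random payload bytes into out.
   If set_length is 0, payload_length is left holding random bytes, as in the
   affected releases.  Returns total message length, or 0 if cap is too small. */
size_t build_heartbeat(uint8_t *out, size_t cap, uint8_t type, uint16_t payload_len,
                       int set_length, uint32_t *seed)
{
    size_t total = HB_HDR_LEN + payload_len + HB_MIN_PADDING;
    if (total > cap) return 0;
    for (size_t i = 0; i < total; i++) out[i] = (uint8_t)xorshift(seed);
    out[0] = type;                                   /* 1 = heartbeat_request */
    if (set_length) write_uint16(out + 1, payload_len);
    return total;
}

/* Receiver check: the claimed payload must fit inside the record with room
   for the mandatory padding.  Returns 1 if well-formed, 0 if it must be dropped. */
int heartbeat_is_well_formed(const uint8_t *msg, size_t record_len)
{
    if (record_len < HB_HDR_LEN + HB_MIN_PADDING) return 0;
    uint16_t claimed = read_uint16(msg + 1);
    return (size_t)HB_HDR_LEN + claimed + HB_MIN_PADDING <= record_len;
}

/* Count how many of n generated messages (payload_len bytes each) a checking
   receiver rejects; with set_length == 0 this is the malformed-packet rate. */
int count_rejected(int n, uint16_t payload_len, int set_length, uint32_t seed)
{
    uint8_t buf[HB_HDR_LEN + 256 + HB_MIN_PADDING];   /* payloads up to 256 bytes */
    int rejected = 0;
    for (int i = 0; i < n; i++) {
        size_t len = build_heartbeat(buf, sizeof buf, 1, payload_len, set_length, &seed);
        if (len == 0 || !heartbeat_is_well_formed(buf, len)) rejected++;
    }
    return rejected;
}
```

With the length field left to chance, a message is well-formed only when the random 16-bit value happens not to exceed the real payload length, so nearly every generated packet fails the check.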
