Understanding of the heartbleed Vulnerability

Some time ago, when "heartbleed" happened, I read the source code and gave me a clear understanding. ------------------------- Split line through time and space --------------------------- reference: http://drops.wooyun.org/papers/1381 this problem occurs in the process of processing TLS heartbeat in OpenSSL, TLS heartbeat process is: A send request packet to B, b. Read the content (data) of the package after receiving the package ), Returns a response packet containing the request Package content. . The request Package content (data) contains information such as the package type and Data Length. When B receives a request packet, it does not verify the actual length of Package A, but simply treats the length described in the request packet data as the actual length of data, therefore, when the length stated in the request package is different from the actual length of the Request package data, the problem arises. Assume that a constructs a request packet, and its actual content length is only 1, but B is told that its length is 65535, after B accepts this package, it will treat the content of a as 65535. In fact, the problem is not serious yet, and the most serious problem is, the heartbeat response package also needs to include all the content of the request package. This requires the program to copy the data of the Request package from its memory to the memory of the response package, this is a big problem. During the copy, the program considers the content length of Package A to be 65535 bytes. As a result, package a actually has only one byte in the memory, so the program not only copies the content of Package A, but also copies the additional 65534 bytes of Package A's data in the memory into the response packet, and the response packet is sent back to a, so a can easily obtain the 65534 bytes of data in B's memory. Imagine that if the 65534 bytes of data contain some sensitive information, the consequences would be very serious. In addition, A can send heartbeat packets in a row to obtain n 65534 bytes of data in the memory of machine B. This vulnerability is worthy of being the "best Vulnerability" in 2014 ". The reality is cruel. It is said that many sensitive information of users has been leaked in this way. As an open-source library that is so widely used and important, this low-level problem is hard to understand and can't help but make people think of it ------ conspiracy!