
Re: [tor-relays] Long-term effect of Heartbleed on Tor



> *However*, if there's a way to specify the data it sends back, that
> wouldn't be a problem (I'm no legal specialist though). I have not yet
> tested my theory, but sending a few extra bytes in the heartbeat
> message (and of course incrementing 'length' in the 'ssl3_record_st'
> struct) should do that. It would allow causing the server to return
> data the client sent. If it's not sent back, the server isn't
> vulnerable. No random memory is read as the server did in fact
> allocate the memory, it's simply not supposed to use it.

If I get you the right way, I think this is what you are asking for:
https://github.com/FiloSottile/Heartbleed
This guy sends a string in and reads it back.

BR
Felix
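
The receiver-side length check that this thread's heartbeat discussion turns on, as an added example (not code from the thread, the linked tool, or OpenSSL): RFC 6520 requires a heartbeat whose claimed payload length does not fit the received record to be discarded silently. The names `hb_process` and `hb_demo` and the sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16   /* RFC 6520: at least 16 bytes of padding */

/* Build the response for one received heartbeat record body
 * (type | payload_length | payload | padding). Returns the response
 * length, or 0 when the message must be silently discarded. */
size_t hb_process(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* The claimed length must fit inside the bytes actually received.
     * Without this check the memcpy below reads past the record. */
    if (1 + 2 + payload_len + HB_MIN_PADDING > rec_len)
        return 0;
    size_t resp_len = 1 + 2 + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload_len);
    memset(out + 3 + payload_len, 0, HB_MIN_PADDING); /* real stacks use random padding */
    return resp_len;
}

/* Constructed sample: a request carrying `actual` payload bytes while
 * claiming `claimed` in payload_length. Returns hb_process()'s result. */
size_t hb_demo(uint16_t claimed, size_t actual)
{
    uint8_t rec[3 + 64 + HB_MIN_PADDING] = {0}, out[256];
    if (actual > 64)
        return 0;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memset(rec + 3, 'A', actual);
    return hb_process(rec, 3 + actual + HB_MIN_PADDING, out, sizeof out);
}

int main(void)
{
    printf("honest request   -> %zu bytes\n", hb_demo(5, 5));
    printf("over-claimed len -> %zu bytes\n", hb_demo(0x4000, 5));
    return 0;
}
```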