[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Long-term effect of Heartbleed on Tor
> *However*, if there's a way to specify the data it sends back, that
> wouldn't be a problem (I'm no legal specialist though). I have not yet
> tested my theory, but sending a few extra bytes in the heartbeat
> message (and of course incrementing 'length' in the 'ssl3_record_st'
> struct) should do that. It would allow causing the server to return
> data the client sent. If it's not sent back, the server isn't
> vulnerable. No random memory is read as the server did in fact
> allocate the memory, it's simply not supposed to use it.
If I get you in the right way I think this is what you are asking for:
https://github.com/FiloSottile/Heartbleed
This guy is sending a string in and reads it back.
BR
Felix
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays