OpenSSLTLS漏洞分析报告.docVIP

CVE-2014-0160 OpenSSL TLS漏洞分析报告 漏洞信息 存，进而可能导致私钥，用户名密码等重要信息的泄露。 漏洞名称： CVE编号： CVE-20 受影响系统：Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4 Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11 CentOS 6.5, OpenSSL 1.0.1e-15 Fedora 18, OpenSSL 1.0.1e-4 OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012) FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013 NetBSD 5.0.2 (OpenSSL 1.0.1e) OpenSUSE 12.2 (OpenSSL 1.0.1c) 受影响软件： OpenSSL 1.0.1 到 1.0.1f（含） 漏洞发布时间： 20 漏洞来源信息： /cgi-bin/cvename.cgi?name=CVE-2014-0160/exploits/32745/ 漏洞类型： 漏洞SSLv3 record结构定义如下所示： typedef struct ssl3_record_st { int type; /* type of record */ unsigned int length; /* How many bytes available */ unsigned int off; /* read/write offset into buf */ unsigned char *data; /* pointer to the record data */ unsigned char *input; /* where the decode bytes are */ unsigned char *comp; /* only used with decompression - malloc()ed */ unsigned long epoch; /* epoch number, needed by DTLS1 */ unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */ } SSL3_RECORD; 程序对心跳包的处理如下： int dtls1_process_heartbeat(SSL *s) { unsigned char *p = s-s3-rrec.data[0], *pl; unsigned short hbtype; unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ /* Read type and payload length first */ hbtype = *p++; n2s(p, payload); pl = p; unsigned char *buffer, *bp; int r; /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; /* Enter response type, length and copy payload */ *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); } 在dtls1_process_heartbeat函数处理过程： 首先读取了数据包的长度payload； 根据数据包长度（1 + 2 + payload + padding）分配内存bp； 从接收缓存pl中拷贝payload大小的数据到bp中； 由于程序没有验证length字段值是否为数据包实际的大小，如果发送端伪造了一个畸形的length字段，使得length大于实际的数据包大小。那么在接