RFC 6520, section 4 states that

  "The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
   max_fragment_length when negotiated as defined in [RFC6066]."

and

  "If the payload_length of a received HeartbeatMessage is too large,
   the received HeartbeatMessage MUST be discarded silently."

The attached patch against git adds a check to silently discard heartbeat
messages longer than 2^14 bytes.

The max_fragment_length negotiation is not allowed to increase
this value. RFC 6066 allows 2^9, 2^10, 2^11, or 2^12 as negotiated
max_fragment_length values.

Thanks,
Erik

diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index d8bcd58..cf74fc2 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -1338,6 +1338,8 @@ dtls1_process_heartbeat(SSL *s)
 	/* Read type and payload length first */
 	if (1 + 2 + 16 > s->s3->rrec.length)
 		return 0; /* silently discard */
+	if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)
+		return 0; /* silently discard per RFC 6520 sec. 4 */
 	hbtype = *p++;
 	n2s(p, payload);
 	if (1 + 2 + payload + 16 > s->s3->rrec.length)
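Review bot: the new `if (s->s3->rrec.length > SSL3_RT_MAX_PLAIN_LENGTH)` test bounds the whole record, while RFC 6520's second clause speaks of `payload_length`; because the existing `if (1 + 2 + payload + 16 > s->s3->rrec.length)` immediately below already rejects any `payload` larger than the record, the pair does enforce the 2^14 ceiling on the payload, but a short comment stating that the record-level check is what caps `payload` would make that dependency explicit for the next reader. It is also worth saying in the commit message that only the DTLS handler in `ssl/d1_both.c` is touched here, so a reviewer knows the TLS side was considered.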
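The length discipline from RFC 6520 section 4 that the patch above enforces, written out as a stand-alone validator (an added example, not OpenSSL code or Erik's patch; the function name, the `neg_max` parameter and the sample records are constructed here):

```c
#include <stddef.h>
#include <stdint.h>

#define HB_MAX_TOTAL   16384u   /* 2^14, RFC 6520 sec. 4 */
#define HB_PADDING_MIN 16u      /* minimum padding required by RFC 6520 */
#define HB_HDR_LEN     3u       /* 1-byte type + 2-byte payload_length */

/* Validate a received HeartbeatMessage held in rec[0..rec_len).
 * neg_max is the negotiated max_fragment_length (RFC 6066), or 0 if
 * none was negotiated.  Returns payload_length on success, or -1 when
 * the message must be silently discarded. */
long heartbeat_payload_len(const uint8_t *rec, size_t rec_len, size_t neg_max)
{
    size_t limit = HB_MAX_TOTAL;
    size_t payload;

    /* A negotiated max_fragment_length can only lower the ceiling. */
    if (neg_max != 0 && neg_max < limit)
        limit = neg_max;
    /* Total length above the ceiling: discard before reading anything. */
    if (rec_len > limit)
        return -1;
    /* Too short to hold type, payload_length and the minimum padding. */
    if (rec_len < HB_HDR_LEN + HB_PADDING_MIN)
        return -1;
    payload = ((size_t)rec[1] << 8) | rec[2];   /* big-endian uint16 */
    /* payload_length must leave room for the mandatory padding, which is
     * the check that stops a claimed length larger than the record. */
    if (HB_HDR_LEN + payload + HB_PADDING_MIN > rec_len)
        return -1;
    return (long)payload;
}

/* Constructed sample: heartbeat_request with a 4-byte payload and
 * 16 bytes of padding (23 bytes in total). */
static const uint8_t SAMPLE_OK[] = {
    0x01, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

/* Constructed sample: the same record, but payload_length claims 0x4000
 * bytes that are not present in the record. */
static const uint8_t SAMPLE_LIE[] = {
    0x01, 0x40, 0x00, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
```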
