moyix/heartbleed_probabilities.txt

## heartbleed_probabilities.txt
 -0.471773 | #ifndef OPENSSL_NO_HEARTBEATS
 -3.596041 | int
 -0.389579 | tls1_process_heartbeat(SSL *s)
 -0.135248 | 	{
 -0.778353 | 	unsigned char *p = &s->s3->rrec.data[0], *pl;
 -0.588106 | 	unsigned short hbtype;
 -0.750892 | 	unsigned int payload;
 -0.836333 | 	unsigned int padding = 16; /* Use minimum padding */
     -     |
 -1.023496 | 	/* Read type and payload length first */
 -0.567731 | 	hbtype = *p++;
 -0.346340 | 	n2s(p, payload);
 -0.448007 | 	pl = p;
     -     |
 -0.347395 | 	if (s->msg_callback)
 -0.113271 | 		s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
 -0.292899 | 			&s->s3->rrec.data[0], s->s3->rrec.length,
 -0.022980 | 			s, s->msg_callback_arg);
     -     |
 -0.155938 | 	if (hbtype == TLS1_HB_REQUEST)
 -0.016430 | 		{
 -0.422859 | 		unsigned char *buffer, *bp;
 -0.830422 | 		int r;
     -     |
 -1.196514 | 		/* Allocate memory for the response, size is 1 bytes
 -0.669974 | 		 * message type, plus 2 bytes payload length, plus
 -0.441242 | 		 * payload, plus padding
 -0.014795 | 		 */
 -0.179963 | 		buffer = OPENSSL_malloc(1 + 2 + payload + padding);
 -0.308801 | 		bp = buffer;
 -1.017527 |
 -0.658053 | 		/* Enter response type, length and copy payload */
 -0.004627 | 		*bp++ = TLS1_HB_RESPONSE;
 -0.016453 | 		s2n(payload, bp);
 -0.056408 | 		memcpy(bp, pl, payload);
 -0.165415 | 		bp += payload;
 -0.301605 | 		/* Random padding */
 -0.120381 | 		RAND_pseudo_bytes(bp, padding);
     -     |
 -0.253903 | 		r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
     -     |
 -0.305203 | 		if (r >= 0 && s->msg_callback)
 -0.014858 | 			s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
 -0.081264 | 				buffer, 3 + payload + padding,
 -0.016210 | 				s, s->msg_callback_arg);
     -     |
 -0.134292 | 		OPENSSL_free(buffer);
     -     |
 -0.244142 | 		if (r < 0)
 -0.198598 | 			return r;
 -0.192851 | 		}
 -0.029036 | 	else if (hbtype == TLS1_HB_RESPONSE)
 -0.017195 | 		{
 -0.464082 | 		unsigned int seq;
 -0.992819 |
 -0.330958 | 		/* We only send sequence numbers (2 bytes unsigned int),
 -0.147071 | 		 * and 16 random bytes, so we just try to read the
 -0.371636 | 		 * sequence number */
 -0.185372 | 		n2s(pl, seq);
 -0.486241 |
 -0.263062 | 		if (payload == 18 && seq == s->tlsext_hb_seq)
 -0.077217 | 			{
 -0.046586 | 			s->tlsext_hb_seq++;
 -0.081252 | 			s->tlsext_hb_pending = 0;
 -0.045001 | 			}
 -0.462814 | 		}
     -     |
 -0.482583 | 	return 0;
 -0.015028 | 	}
	-0.471773 \| #ifndef OPENSSL_NO_HEARTBEATS
	-3.596041 \| int
	-0.389579 \| tls1_process_heartbeat(SSL *s)
	-0.135248 \| {
	-0.778353 \| unsigned char p = &s->s3->rrec.data[0], pl;
	-0.588106 \| unsigned short hbtype;
	-0.750892 \| unsigned int payload;
	-0.836333 \| unsigned int padding = 16; /* Use minimum padding */
	- \|
	-1.023496 \| /* Read type and payload length first */
	-0.567731 \| hbtype = *p++;
	-0.346340 \| n2s(p, payload);
	-0.448007 \| pl = p;
	- \|
	-0.347395 \| if (s->msg_callback)
	-0.113271 \| s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
	-0.292899 \| &s->s3->rrec.data[0], s->s3->rrec.length,
	-0.022980 \| s, s->msg_callback_arg);
	- \|
	-0.155938 \| if (hbtype == TLS1_HB_REQUEST)
	-0.016430 \| {
	-0.422859 \| unsigned char buffer, bp;
	-0.830422 \| int r;
	- \|
	-1.196514 \| /* Allocate memory for the response, size is 1 bytes
	-0.669974 \| * message type, plus 2 bytes payload length, plus
	-0.441242 \| * payload, plus padding
	-0.014795 \| */
	-0.179963 \| buffer = OPENSSL_malloc(1 + 2 + payload + padding);
	-0.308801 \| bp = buffer;
	-1.017527 \|
	-0.658053 \| /* Enter response type, length and copy payload */
	-0.004627 \| *bp++ = TLS1_HB_RESPONSE;
	-0.016453 \| s2n(payload, bp);
	-0.056408 \| memcpy(bp, pl, payload);
	-0.165415 \| bp += payload;
	-0.301605 \| /* Random padding */
	-0.120381 \| RAND_pseudo_bytes(bp, padding);
	- \|
	-0.253903 \| r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
	- \|
	-0.305203 \| if (r >= 0 && s->msg_callback)
	-0.014858 \| s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
	-0.081264 \| buffer, 3 + payload + padding,
	-0.016210 \| s, s->msg_callback_arg);
	- \|
	-0.134292 \| OPENSSL_free(buffer);
	- \|
	-0.244142 \| if (r < 0)
	-0.198598 \| return r;
	-0.192851 \| }
	-0.029036 \| else if (hbtype == TLS1_HB_RESPONSE)
	-0.017195 \| {
	-0.464082 \| unsigned int seq;
	-0.992819 \|
	-0.330958 \| /* We only send sequence numbers (2 bytes unsigned int),
	-0.147071 \| * and 16 random bytes, so we just try to read the
	-0.371636 \| * sequence number */
	-0.185372 \| n2s(pl, seq);
	-0.486241 \|
	-0.263062 \| if (payload == 18 && seq == s->tlsext_hb_seq)
	-0.077217 \| {
	-0.046586 \| s->tlsext_hb_seq++;
	-0.081252 \| s->tlsext_hb_pending = 0;
	-0.045001 \| }
	-0.462814 \| }
	- \|
	-0.482583 \| return 0;
	-0.015028 \| }