[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-2.0-24-gd476c65
OISF Git
noreply at openinfosecfoundation.org
Wed Apr 9 11:51:16 UTC 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
via d476c654eea7cfa47c31f1d0a9901c1759c2da5e (commit)
from ab503873caa771ca2aa9e0c7e4c5fbc5a6498280 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d476c654eea7cfa47c31f1d0a9901c1759c2da5e
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date: Wed Apr 9 09:52:00 2014 +0200
TLS: add detection for malicious heartbeats (AKA heartbleed)
The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not
check the payload length correctly, resulting in a copy of at most 64k
of memory from the server (ref: CVE-2014-0160).
This patch adds support for decoding heartbeat messages (if not
encrypted), and checking several parts (type, length and padding).
When an anomaly is detected, a TLS event is raised.
-----------------------------------------------------------------------
Summary of changes:
rules/tls-events.rules | 5 +++-
src/app-layer-ssl.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++
src/app-layer-ssl.h | 3 ++
3 files changed, 79 insertions(+), 1 deletion(-)
hooks/post-receive
--
OISF
More information about the Oisf-devel
mailing list