From bb1228d8a9e6f823f4875a1f6bafa9726ef506ae Mon Sep 17 00:00:00 2001
From: lloyd <lloyd@randombit.net>
Date: Wed, 7 Jan 2015 13:05:20 +0000
Subject: Support setting the number of pad bytes in a heartbeat message. Use
 random instead of all-zero padding. Check on sanity of received pads to the
 extent possible. Bugzilla 269.

---
 src/lib/tls/tls_heartbeats.cpp | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

(limited to 'src/lib/tls/tls_heartbeats.cpp')

diff --git a/src/lib/tls/tls_heartbeats.cpp b/src/lib/tls/tls_heartbeats.cpp
index 1b4f099c1..a8bcc0189 100644
--- a/src/lib/tls/tls_heartbeats.cpp
+++ b/src/lib/tls/tls_heartbeats.cpp
@@ -1,6 +1,6 @@
 /*
 * TLS Heartbeats
-* (C) 2012 Jack Lloyd
+* (C) 2012,2015 Jack Lloyd
 *
 * Released under the terms of the Botan license
 */
@@ -28,25 +28,37 @@ Heartbeat_Message::Heartbeat_Message(const std::vector<byte>& buf)
 
    m_payload = reader.get_range<byte>(2, 0, 16*1024);
 
-   // padding follows and is ignored
+   m_padding = reader.get_remaining();
+
+   if(m_padding.size() < 16)
+      throw Decoding_Error("Invalid heartbeat padding");
    }
 
 Heartbeat_Message::Heartbeat_Message(Type type,
                                      const byte payload[],
-                                     size_t payload_len) :
+                                     size_t payload_len,
+                                     const std::vector<byte>& padding) :
    m_type(type),
-   m_payload(payload, payload + payload_len)
+   m_payload(payload, payload + payload_len),
+   m_padding(padding)
    {
+   if(payload_len >= 64*1024)
+      throw std::runtime_error("Heartbeat payload too long");
+   if(m_padding.size() < 16)
+      throw std::runtime_error("Invalid heartbeat padding length");
    }
 
 std::vector<byte> Heartbeat_Message::contents() const
    {
-   std::vector<byte> send_buf(3 + m_payload.size() + 16);
-   send_buf[0] = m_type;
-   send_buf[1] = get_byte<u16bit>(0, m_payload.size());
-   send_buf[2] = get_byte<u16bit>(1, m_payload.size());
-   copy_mem(&send_buf[3], &m_payload[0], m_payload.size());
-   // leave padding as all zeros
+   //std::vector<byte> send_buf(3 + m_payload.size() + 16);
+   std::vector<byte> send_buf;
+   send_buf.reserve(3 + m_payload.size() + m_padding.size());
+
+   send_buf.push_back(m_type);
+   send_buf.push_back(get_byte<u16bit>(0, m_payload.size()));
+   send_buf.push_back(get_byte<u16bit>(1, m_payload.size()));
+   send_buf += m_payload;
+   send_buf += m_padding;
 
    return send_buf;
    }
-- 
cgit v1.2.3