Search
j0ke.net Open Build Service
>
Projects
>
internetx
:
projects
:
http
>
nginx
> ngx-detect-heartbleed.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File ngx-detect-heartbleed.patch of Package nginx (Revision 3)
Currently displaying revision
3
,
show latest
--- src/event/ngx_event_openssl.c +++ src/event/ngx_event_openssl.c @@ -18,6 +18,9 @@ typedef struct { static int ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret); +static void ngx_ssl_msg_callback( + int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *log); static void ngx_ssl_handshake_handler(ngx_event_t *ev); static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); static void ngx_ssl_write_handler(ngx_event_t *wev); @@ -244,6 +247,8 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_read_ahead(ssl->ctx, 1); SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback); + SSL_CTX_set_msg_callback(ssl->ctx, ngx_ssl_msg_callback); + SSL_CTX_set_msg_callback_arg(ssl->ctx, ssl->log); return NGX_OK; } @@ -532,6 +537,22 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) return 1; } +static void ngx_ssl_msg_callback( + int write_p, int version, int content_type, + const void *buf, size_t len, ngx_ssl_conn_t *ssl, void *log) +{ + if (write_p == 0 && content_type == TLS1_RT_HEARTBEAT) { + unsigned char *p = buf; + unsigned int payload; + + payload = (((unsigned int)(p[1])) << 8) | ((unsigned int)(p[2])); + if (1 + 2 + payload + 16 > len) { + ngx_log_error(NGX_LOG_ALERT, ((ngx_log_t*)log), 0, "Heartbleed attack detected"); + } + } + +} + static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)