The Heartbleed Challenge
posted April 2014
an attacker can get up to 64kB of the server’s working memory. This is the result of a classic implementation bug known as a Buffer over-read
Apparently it is not known if it is possible or not to find those keys. If it appears to be possible the results would be catastrophic as every single website that has used OpenSSL would have to revoke and ask for a new certificate. And as Cloudflare says:
the certificate revocation process is far from perfect and was never built for revocation at mass scale.
So it would then be very easy for any server to pretend they're someone else.
A heartbeat is a message that is sent to the server just so the server can send it back. This lets a client know that the server is still connected and listening. The heartbleed bug was a mistake in the implementation of the response to a heartbeat message.
This is the code in question:
p = &s->s3->rrec.data [...] hbtype = *p++; n2s(p, payload); pl = p; [...] buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; [...] memcpy(bp, pl, payload);