Shulou(Shulou.com)06/01 Report--

The problem does not seem to be as serious as imagined.

At first, I thought I could dump the 64k memory at any address, but I found that only dump could be attached to the memory behind the HeartBeatMessage.

Because the address of HeartBeatMessage is out of control, it's a stroke of luck to get something.

But suppose the HeartBeatMessage is allocated in the heap area, because the heap area is characterized by putting blocks of memory of the same size together, so you may get an example of a structure of the same size.

If you are in the stack area, you will get the previous function call stack.

Because it is impossible to dump the code, there is no way to decode the data, and there is no way to determine the significance of the data from dump. It may contain important information, but it is also very difficult to figure out what it is.

To take a step back, even if the information is leaked, it is only limited to the process in which ssl is located, and it is only data related to the session. It is really no big deal.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.