LOGBOOK

HELP

Quiz Entry - updated: 2026.06.23

Explain how the Heartbleed attack exploited the lack of input validation.

The server copied back as many bytes as the client claimed, never checking that the claim matched the real message — so the copy ran off into adjacent memory.

The root cause: the server used memcpy() with a client-controlled length without validating it.

Normal heartbeat:

  • Client: "Echo 'bird' (4 bytes)"
  • Server: Allocates 4 bytes, copies "bird", returns "bird"

Attack:

  • Client: "Echo 'bird' (500 bytes)"
  • Server: Allocates 500 bytes, copies starting at "bird" + 496 bytes of adjacent memory
  • Server returns: "bird" + passwords, keys, whatever was in memory

Root cause:

memcpy(response, payload, client_specified_length);
// Missing: if (client_specified_length > actual_payload_length) reject!

Lesson: Always validate that claimed sizes match actual data before processing. This is defensive programming 101.

From Quiz: SPRG / Secure Programming Introduction | Updated: Jun 23, 2026