Anatomy of a data leakage bug – the OpenSSL “heartbleed” buffer overflow by Paul Ducklin.
From the post:
An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.
OpenSSL is a very widely used encryption library, responsible for putting the S in HTTPS, and the padlock in the address bar, for many websites.
The bug only exists in the OpenSSL 1.0.1 source code (from version 1.0.1 to 1.0.1f inclusive), because the faulty code relates to a fairly new feature known as the TLS Heartbeat Extension.
The heartbeat extension was first documented in RFC 6520 in February 2012.
TLS heartbeats are used as “keep alive” packets so that the ends of an encrypted connection can agree to keep the session open even when they don’t have any official data to exchange.
Because the heartbeats consist of a reply and a matching response, they allow either end to confirm not only that the session is open, but also that end-to-end connectivity is working properly.
…
Paul goes on to give you a detailed description of the bug.
If you are interested in experimenting with joern to find bugs in source code, checking the unpatched OpenSSL source code should be good practice.
Once you identify the pattern, where else can you find examples of it?