Singapore Expats Forum

Heartbleed: Please change your passwords of affected sites

Post by zzm9980 » Sun, 13 Apr 2014 12:17 am

Strong Eagle wrote:
@zzm - is it really a buffer overrun exploit? I thought these kinds of things would have been patched up years ago.

x9200 wrote:
Technically it just reads too much without modifying anything in memory. A buffer overflow writes over some data, often to execute specific tasks.

Strong Eagle wrote:
It's really the same difference, though, isn't it? Any given data field that has been malloc'ed contains the length of the field. Anything asking for more could, and should, be rejected. Seems like a big coding oversight.


OpenSSL thought they knew better and didn't use protections built into malloc.

http://article.gmane.org/gmane.os.openbsd.misc/211963


Post by Strong Eagle » Sun, 13 Apr 2014 5:04 am

Strong Eagle wrote:
@zzm - is it really a buffer overrun exploit? I thought these kinds of things would have been patched up years ago.

x9200 wrote:
Technically it just reads too much without modifying anything in memory. A buffer overflow writes over some data, often to execute specific tasks.

Strong Eagle wrote:
It's really the same difference, though, isn't it? Any given data field that has been malloc'ed contains the length of the field. Anything asking for more could, and should, be rejected. Seems like a big coding oversight.

zzm9980 wrote:
OpenSSL thought they knew better and didn't use protections built into malloc.

http://article.gmane.org/gmane.os.openbsd.misc/211963


Wow... something that fundamental.

