Heartbleed: Please change your passwords of affected sites


Post by zzm9980 » Sun, 13 Apr 2014 12:17 am

Strong Eagle wrote: @zzm - is it really a buffer overrun exploit? I thought these kinds of things would have been patched up years ago.
x9200 wrote: Technically it just reads too much without modifying anything in memory. Buffer overflow writes over some data often to execute specific tasks.
Strong Eagle wrote: It's really the same difference, though, isn't it. Any given data field that has been malloc'ed contains the length of the field. Anything asking for more, could, and should be rejected. Seems like a big coding oversight.

OpenSSL thought they knew better and didn't use protections built into malloc.

http://article.gmane.org/gmane.os.openbsd.misc/211963


Post by Strong Eagle » Sun, 13 Apr 2014 5:04 am

x9200 wrote: Technically it just reads too much without modifying anything in memory. Buffer overflow writes over some data often to execute specific tasks.
Strong Eagle wrote: It's really the same difference, though, isn't it. Any given data field that has been malloc'ed contains the length of the field. Anything asking for more, could, and should be rejected. Seems like a big coding oversight.
zzm9980 wrote: OpenSSL thought they knew better and didn't use protections built into malloc.

http://article.gmane.org/gmane.os.openbsd.misc/211963

Wow... something that fundamental.
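
The over-read and the missing length check discussed in this thread, as an added example that is not part of any post and is not OpenSSL's code. It assumes a simplified heartbeat-style record (1-byte type, 2-byte claimed payload length, payload); the function names and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define HB_HEADER 3 /* 1-byte type + 2-byte claimed payload length */
#define REC_LEN   5 /* bytes actually received from the peer */

/* Constructed sample: a 5-byte record ("hi" payload) whose length field claims
 * 16 bytes, followed in the same buffer by unrelated data. Using one owned
 * buffer keeps the over-read well-defined for this demo. */
static const uint8_t MEM[] = { 0x01, 0x00, 0x10, 'h', 'i',
    'S','E','C','R','E','T','-','K','E','Y','-','0','0','0' };

/* Missing check: copies as many bytes as the peer claims. `mem_len` bounds
 * the demo buffer only; the received record length is never consulted. */
size_t echo_unchecked(const uint8_t *mem, size_t mem_len, uint8_t *out, size_t cap)
{
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (claimed > cap || HB_HEADER + claimed > mem_len) return 0; /* demo guard */
    memcpy(out, mem + HB_HEADER, claimed); /* reads past the record, writes nothing there */
    return claimed;
}

/* With the check: a claimed length larger than what arrived is rejected. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < HB_HEADER) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER || claimed > cap) return 0; /* discard */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Bytes in the unchecked reply that were never part of the request. */
size_t leaked_bytes(void)
{
    uint8_t out[64];
    size_t sent = REC_LEN - HB_HEADER;
    size_t n = echo_unchecked(MEM, sizeof MEM, out, sizeof out);
    return n > sent ? n - sent : 0;
}

/* Reply length for the same lying record when the check is in place. */
size_t checked_reply_len(void)
{
    uint8_t out[64];
    return echo_checked(MEM, REC_LEN, out, sizeof out);
}

int main(void) { return (leaked_bytes() == 14 && checked_reply_len() == 0) ? 0 : 1; }
```

The unchecked path returns 14 bytes that sat next to the record in memory without modifying anything, while the checked path drops the request because the claimed length exceeds what was received.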
