A serious security bug... caused by no bounds checking.
Marco Leise
Marco.Leise at gmx.de
Thu Apr 10 00:17:28 PDT 2014
Am Thu, 10 Apr 2014 06:51:40 +0000
schrieb "w0rp" <devw0rp at gmail.com>:
> On Wednesday, 9 April 2014 at 12:36:49 UTC, Marco Leise wrote:
> > Sorry, but wasn't this security risk instead caused by
> > uninitialized memory, and shouldn't you instead have said:
> >
> > "I'm glad to be using a language with default initialization?"
>
> Nope, it was caused by missing bounds checking.
>
> https://www.openssl.org/news/secadv_20140407.txt
>
> > A missing bounds check [...]
Haha, I tried to read that about an hour ago to inform myself,
but it still doesn't load for me.
--
Marco
More information about the Digitalmars-d
mailing list