A serious security bug... caused by no bounds checking.
Tobias Müller
troplin at bluewin.ch
Wed Apr 9 14:25:25 PDT 2014
Marco Leise <Marco.Leise at gmx.de> wrote:
> On Mon, 07 Apr 2014 23:28:02 +0000,
> "w0rp" <devw0rp at gmail.com> wrote:
>
>> http://heartbleed.com/
>>
>> This bug has been getting around. The bug was caused by missing
>> bounds checking.
>>
>> I'm glad to be using a language with bounds checking.
>
> Sorry, but wasn't this security risk instead caused by
> uninitialized memory, and shouldn't you instead have said:
>
> "I'm glad to be using a language with default initialization?"
>
>
> (The attacker could request a larger packet size than required
> for the requested data and malloc() doesn't zero out the rest
> of the memory block, possibly containing sensitive data.)

As far as I understand it, you can read up to 64 KB of data, much more than
the typical 4 KB block size. That means that you can read adjacent memory
blocks that possibly contain perfectly valid data.

Tobi
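
The distinction debated in this thread, as an added example (not code from the thread or from OpenSSL): a toy echo handler that zero-initializes its reply buffer yet still returns neighbouring live data when it trusts the request's length field, next to a version that checks the claimed length against the bytes actually received. The arena layout, function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: one arena stands in for the heap. The 4-byte request
 * payload "ping" sits directly in front of unrelated, still-live data. */
#define PAYLOAD_LEN 4
static unsigned char arena[64] = "ping" "LIVE-SESSION-DATA";

/* Flawed echo: trusts the length field carried in the request. The reply
 * buffer is calloc'ed (zero-initialized), which changes nothing, because
 * the extra bytes come from the source side of the copy. */
size_t echo_unchecked(size_t claimed_len, unsigned char **out)
{
    if (claimed_len > sizeof arena)      /* keep the model inside the arena */
        claimed_len = sizeof arena;
    *out = calloc(claimed_len + 1, 1);
    if (*out == NULL)
        return 0;
    memcpy(*out, arena, claimed_len);    /* reads past the 4-byte payload */
    return claimed_len;
}

/* Hardened echo: the claimed length must fit in the bytes actually
 * received; otherwise the request is dropped without a reply. */
size_t echo_checked(size_t claimed_len, size_t received_len,
                    unsigned char **out)
{
    *out = NULL;
    if (claimed_len > received_len)
        return 0;
    *out = calloc(claimed_len + 1, 1);
    if (*out == NULL)
        return 0;
    memcpy(*out, arena, claimed_len);
    return claimed_len;
}

int main(void)
{
    unsigned char *reply;
    size_t n = echo_unchecked(21, &reply);   /* request claims 21 bytes */
    printf("unchecked: %zu bytes: %s\n", n, reply ? (char *)reply : "");
    free(reply);
    n = echo_checked(21, PAYLOAD_LEN, &reply);
    printf("checked:   %zu bytes (request dropped)\n", n);
    free(reply);
    return 0;
}
```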