On 11 Apr 2014, at 09:37, Richard Conto <r...@umich.edu> wrote:

> I thought that HeartBleed allowed reading only of up to 64K (unsigned 16 bit
> length) of heap memory - from wherever in the heap the buffer used was
> allocated. It didn't allow arbitrary process memory exploitation, although I
> suppose by manipulating the size of the requests, you ought to be able to
> explore different parts of the heap.
>
> Of course, luck would play a part in what was revealed, although luck can be
> manipulated.

Here's a nice piece of work which would allow one to examine what was actually returned from cosignd or httpd:

https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl

Adding support for cosign's protocol would be trivial.

:wes

_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss