> Message of 12/04/14 04:57
> From: "Peter Malone"
> To: [email protected]
> Cc: "Cypher" , [email protected]
> Subject: Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious
> vulnerability in OpenSSL
>
> I don't buy into conspiracy theories often but I really can't see how
> you can fail to follow your own RFC. If he had a check in there to make
> sure the payload_length wasn't too large I would say "hey, he forgot to
> make sure it wasn't too small and he never even mentioned checking if it
> was too small in the RFC"... but he actually never checked for
> anything.. so maybe it is just a mistake. He definitely failed to follow
> his own RFC which never mentioned making sure the length was correct,
> just that it wasn't too big, and that's something he never did.
>
> I don't get how the reviewer can miss it too, like it's code for an RFC
> the reviewer is COMPLETELY new to... so at first the code looks a bit
> mad until you read the RFC, then you realize right away that he's
> missing shit. Seems silly, I don't think the reviewer ever read the RFC.
>

Look at the date and time the commit was done by the reviewer, make your own conclusions:
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1
