Marco Leise <[email protected]> wrote:
> On Mon, 07 Apr 2014 23:28:02 +0000,
> "w0rp" <[email protected]> wrote:
>
>> http://heartbleed.com/
>>
>> This bug has been getting around. The bug was caused by missing
>> bounds checking.
>>
>> I'm glad to be using a language with bounds checking.
>
> Sorry, but wasn't this security risk instead caused by
> uninitialized memory, and shouldn't you instead have said:
>
> "I'm glad to be using a language with default initialization?"
>
>
> (The attacker could request a larger packet size than required
> for the requested data and malloc() doesn't zero out the rest
> of the memory block, possibly containing sensitive data.)

As far as I understand it, you can read up to 64 KB of data, much more than the typical 4 KB block size. That means that you can read adjacent memory blocks that possibly contain perfectly valid data.

Tobi
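
Added example, not part of the thread and not OpenSSL's code: a simplified C model of the heartbeat echo discussed above, in which every byte of the arena is initialised and the reply still contains a neighbouring allocation's data unless the claimed length is checked against the record actually received. The arena layout, the function names and the `SESSION-KEY-1234` value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one arena where a received heartbeat record sits
   directly in front of another allocation's live, initialised data. */
#define HDR 3                        /* type(1) + payload length(2) */
#define RECORD_LEN 8                 /* bytes actually received: HDR + "hello" */
#define SECRET "SESSION-KEY-1234"    /* constructed neighbouring data */
static uint8_t arena[64];

void arena_setup(uint16_t claimed_len) {
    memset(arena, 0, sizeof arena);             /* everything zero-initialised */
    arena[0] = 1;                               /* heartbeat request */
    arena[1] = (uint8_t)(claimed_len >> 8);     /* sender-controlled length */
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HDR, "hello", 5);            /* the real 5-byte payload */
    memcpy(arena + RECORD_LEN, SECRET, 16);     /* valid data next door */
}

/* Pre-fix logic: trusts the length field. Clamped to the arena only so
   that this demo itself has defined behaviour. */
size_t echo_unchecked(uint8_t *out) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (claimed > sizeof arena - HDR) claimed = sizeof arena - HDR;
    memcpy(out, arena + HDR, claimed);
    return claimed;
}

/* Bounds-checked: claimed payload must fit inside the record received. */
size_t echo_checked(uint8_t *out, size_t record_len) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (record_len < HDR || claimed > record_len - HDR) return 0; /* drop */
    memcpy(out, arena + HDR, claimed);
    return claimed;
}

/* 1 if the neighbouring allocation's bytes appear in the reply. */
int leaks_neighbour(const uint8_t *reply, size_t n) {
    for (size_t i = 0; i + 16 <= n; i++)
        if (memcmp(reply + i, SECRET, 16) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t reply[sizeof arena];
    arena_setup(40);                            /* claims 40 bytes, sent 5 */
    size_t n = echo_unchecked(reply);
    printf("unchecked: %zu bytes, leak=%d\n", n, leaks_neighbour(reply, n));
    n = echo_checked(reply, RECORD_LEN);
    printf("checked:   %zu bytes, leak=%d\n", n, leaks_neighbour(reply, n));
    return 0;
}
```

The `memset` in `arena_setup` stands in for default initialisation: it changes nothing about the unchecked result, because the bytes that end up in the reply belong to a different, legitimately initialised allocation.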
