On Fri, 11 Apr 2014 11:38:54 +0000, "Kagamin" <[email protected]> wrote:

> On Thursday, 10 April 2014 at 07:14:10 UTC, Marco Leise wrote:
> > On Thu, 10 Apr 2014 06:51:40 +0000, "w0rp" <[email protected]> wrote:
> >
> >> On Wednesday, 9 April 2014 at 12:36:49 UTC, Marco Leise wrote:
> >> > Sorry, but wasn't this security risk instead caused by
> >> > uninitialized memory, and shouldn't you instead have said:
> >> >
> >> > "I'm glad to be using a language with default
> >> > initialization?"
> >>
> >> Nope, it was caused by missing bounds checking.
> >>
> >> https://www.openssl.org/news/secadv_20140407.txt
> >>
> >> > A missing bounds check [...]
> >
> > Haha, I tried to read that about an hour ago to inform myself,
> > but it still doesn't load for me.
>
> http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
> The server copies data received from the client and sends it
> back, the length is specified (or forged) by the client,
> everything is initialized just fine.

Ah, so this is a typical ping packet, where you copy all payload bytes from the client's packet and send them back. Just that in this case the client can write anything into the length header and OpenSSL would try to copy as many bytes from the client-provided packet into the answer packet, even if that means reading beyond the end of that packet.

This still doesn't touch D's array bounds checking at all, because the array pointer and length come from an unreliable source to begin with!

-- 
Marco
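The point made in the thread, that the peer-supplied length field must be checked against the number of bytes actually received before anything is copied, as an added example that is not part of the thread or of OpenSSL's code. The record layout, constants and function names are simplified assumptions for illustration, not OpenSSL's; the two sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified heartbeat-style record (hypothetical, not OpenSSL's):
 *   byte 0    : type (1 = request, 2 = response)
 *   bytes 1-2 : payload length, big-endian, chosen by the peer
 *   bytes 3.. : payload, then at least HB_MIN_PADDING bytes of padding */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Constructed honest record: header claims 4 bytes, carries "ping" + 16 padding. */
static const uint8_t honest_rec[23] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
/* Constructed forged record: identical bytes on the wire, but header claims 65535. */
static const uint8_t forged_rec[23] = { 0x01, 0xFF, 0xFF, 'p', 'i', 'n', 'g' };
static uint8_t response_buf[64];

/* Vulnerable pattern: the echo length is taken straight from the header,
 * so the peer decides how far past the received bytes the copy would read. */
static size_t heartbeat_echo_len_unchecked(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN) return 0;
    return (size_t)((rec[1] << 8) | rec[2]);
}

/* Hardened: the claimed payload plus minimum padding must fit inside what
 * was actually received, otherwise the record is rejected before any copy. */
static int heartbeat_echo_len_checked(const uint8_t *rec, size_t rec_len, size_t *out_len) {
    if (rec_len < HB_HEADER_LEN) return -1;
    size_t claimed = (size_t)((rec[1] << 8) | rec[2]);
    if (claimed + HB_HEADER_LEN + HB_MIN_PADDING > rec_len) return -1;
    *out_len = claimed;
    return 0;
}

/* Builds the echo response only after the length survived the bounds check.
 * Returns bytes written, or -1 if the record or output buffer is unusable. */
static long heartbeat_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    size_t n;
    if (heartbeat_echo_len_checked(rec, rec_len, &n) != 0) return -1;
    if (HB_HEADER_LEN + n > out_cap) return -1;
    out[0] = 0x02;
    out[1] = (uint8_t)(n >> 8);
    out[2] = (uint8_t)(n & 0xFF);
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, n); /* n is now bounded by rec_len */
    return (long)(HB_HEADER_LEN + n);
}

int main(void) {
    printf("unchecked length for forged record: %zu bytes\n",
           heartbeat_echo_len_unchecked(forged_rec, sizeof forged_rec));
    printf("checked response for forged record: %ld\n",
           heartbeat_respond(forged_rec, sizeof forged_rec, response_buf, sizeof response_buf));
    printf("checked response for honest record: %ld bytes\n",
           heartbeat_respond(honest_rec, sizeof honest_rec, response_buf, sizeof response_buf));
    return 0;
}
```

The unchecked variant would happily report 65535 bytes to copy from a 23-byte record; the checked variant rejects it and only echoes the honest record, which is the check that neither default initialization nor a language's own array bounds checking can supply once the length comes from the wire.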
