On 04/14/2014 10:48 AM, Tiziano Müller wrote:
> Am 13.04.2014 22:42, schrieb Joshua Kinard:
>> So one of the side-discussions happening after Heartbleed was the fact that
>> OpenSSL has its own memory allocator code that effectively mitigates any C
>> library-provided exploit mitigations (as discus
Le lundi 14 avril 2014 à 10:48 +0200, Tiziano Müller a écrit :
> Not really, no. I would rather wait until other people have reviewed
> and/or it has been pulled into openssl.
>
> To cite the Akamai dev who posted the patch [1]:
> "Let me restate that: *do not just take this patch and put it into
Am 13.04.2014 22:42, schrieb Joshua Kinard:
> So one of the side-discussions happening after Heartbleed was the fact that
> OpenSSL has its own memory allocator code that effectively mitigates any C
> library-provided exploit mitigations (as discussed on the openbsd-misc ML at
> [1] and Ted Unangst
On 04/13/2014 20:17, Patrick Lauer wrote:
> On 04/14/2014 04:42 AM, Joshua Kinard wrote:
>>
>> So one of the side-discussions happening after Heartbleed was the fact that
>> OpenSSL has its own memory allocator code that effectively mitigates any C
>> library-provided exploit mitigations (as discus
On 04/14/2014 04:42 AM, Joshua Kinard wrote:
>
> So one of the side-discussions happening after Heartbleed was the fact that
> OpenSSL has its own memory allocator code that effectively mitigates any C
> library-provided exploit mitigations (as discussed on the openbsd-misc ML at
> [1] and Ted Una
So one of the side-discussions happening after Heartbleed was the fact that
OpenSSL has its own memory allocator code that effectively mitigates any C
library-provided exploit mitigations (as discussed on the openbsd-misc ML at
[1] and Ted Unangst's blogs at [2] and [3]). This is partially why th