[–] smtddr 12y ago ↗ https://github.com/openssl/openssl/commit/bd6941cfaa31ee8a3f...Amelek is being a bit harsh or just plain wrong; I learned a few days ago that checking malloc's return value means almost nothing:https://news.ycombinator.com/item?id=7541585
[–] syncerr 12y ago ↗ OpenSSL heartbeat bug patch (CVE-2014-0160):https://github.com/openssl/openssl/commit/731f431497f463f3a2...> A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.Previous discussion: https://news.ycombinator.com/item?id=7557825
4 comments
[ 3.4 ms ] story [ 17.3 ms ] threadAmelek is being a bit harsh or just plain wrong; I learned a few days ago that checking malloc's return value means almost nothing:
https://news.ycombinator.com/item?id=7541585
https://github.com/openssl/openssl/commit/731f431497f463f3a2...
> A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Previous discussion: https://news.ycombinator.com/item?id=7557825