[pro] Heartbleed?
David McClain
dbm at refined-audiometrics.com
Wed Apr 23 13:13:03 UTC 2014
> . The design is just plain wrong.
Is that statement the benefit of hindsight knowledge, or do you have a more intelligent thought process behind it? (I can imagine the all-knowing smirk in the background, but I'd really like to know :-)
- DM
On Apr 23, 2014, at 01:06 AM, Max Rottenkolber <max at mr.gy> wrote:
>> From what I understand about the bug (I have not seen the code) it sounds
> like data length information
>> arrived both directly and indirectly in the client message and that a
> conflict between them was not
>> scrutinized.
>
> No. The bug was that the keep alive protocol in SSL mandates the server to
> echo arbitrary data back to the client. The bounds checks were wrong too,
> but at that stage it really doesn't matter. The design is just plain wrong.
>
>
>
> _______________________________________________
> pro mailing list
> pro at common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/pro
>
Dr. David McClain
dbm at refined-audiometrics.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/pro/attachments/20140423/f6b4b93c/attachment.html>
More information about the pro
mailing list