The fix to CVE-2016-6303 (a.k.a. why C is a terrible language): https://git.openssl.org/?p=openssl.git;a=commitdiff;h=a004e72;hp=f792c66 …
This is not the language's fault. The same can happen with plain offsets in any lang where int overflow wraps (not just with UB).
-
-
are you familiar with the concept of memory safety?
-
Yes. But the invalid length overflow checks are orthogonal to lack of memory safety.
-
Even in a memory-safe lang, if you do these kinds of checks wrong you can break program logic in ways that compromise security.
- End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.