The fix to CVE-2016-6303 (a.k.a. why C is a terrible language): https://git.openssl.org/?p=openssl.git;a=commitdiff;h=a004e72;hp=f792c66 …
-
-
Replying to @bascule
This is not the language's fault. The same can happen with plain offsets in any lang where int overflow wraps (not just with UB).
1 reply 0 retweets 0 likes -
Replying to @RichFelker
are you familiar with the concept of memory safety?
1 reply 0 retweets 2 likes -
Replying to @bascule
Yes. But the invalid length overflow checks are orthogonal to lack of memory safety.
1 reply 0 retweets 1 like -
Replying to @RichFelker @bascule
Even in a memory-safe lang, if you do these kinds of checks wrong you can break program logic in ways that compromise security.
2 replies 0 retweets 6 likes
Replying to @RichFelker @bascule
You can, but memory safety stops the vast majority of attacks in practice.
7:25 PM - 23 Sep 2016
0 replies
0 retweets
4 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.