Date:      Thu, 10 Apr 2014 12:59:08 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Heartbleed, a few naive questions
Message-ID:  <867g6x5u2r.fsf@nine.des.no>
In-Reply-To: <42638.1397124000@server1.tristatelogic.com> (Ronald F. Guilmette's message of "Thu, 10 Apr 2014 03:00:00 -0700")
References:  <42638.1397124000@server1.tristatelogic.com>

"Ronald F. Guilmette" <rfg@tristatelogic.com> writes:
> Xin Li <delphij@delphij.net> writes:
> > For this bug, doing calloc() makes no difference.
> I would very much like to know how you reached that conclusion.

It's very simple.  The exploit relies on reading past the end of the
allocated buffer.  Clearing the allocated buffer would not have made any
difference.  The problem is the size of the buffer, not its contents.

DES
-- 
Dag-Erling Smørgrav - des@des.no
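
The point made in the message above, as an added example that is not part of the original e-mail and is not OpenSSL code: a simplified model in which one array stands in for the heap, so the over-read stays inside memory the program owns. All names and the layout (`arena`, `REQ_CAP`, the neighbouring string) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: bytes [0, REQ_CAP) are the request buffer; whatever
   follows belongs to an unrelated, adjacent allocation. */
#define REQ_CAP    16
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];
static const char NEIGHBOR[] = "NEIGHBOR-SECRET";   /* constructed sample data */

/* Lay out the arena. With zero_first set, the request buffer is cleared
   before use, which is all that calloc() would add over malloc(). */
static void setup(int zero_first, const char *payload, size_t actual_len) {
    memset(arena, 0xAA, ARENA_SIZE);                 /* stale contents */
    memcpy(arena + REQ_CAP, NEIGHBOR, sizeof NEIGHBOR - 1);
    if (zero_first)
        memset(arena, 0, REQ_CAP);
    memcpy(arena, payload, actual_len);
}

/* Flawed echo: copies as many bytes as the peer claims to have sent. */
static size_t echo_unchecked(unsigned char *out, size_t claimed_len) {
    memcpy(out, arena, claimed_len);
    return claimed_len;
}

/* Checked echo: drops a request whose claimed length exceeds what arrived. */
static size_t echo_checked(unsigned char *out, size_t claimed_len, size_t actual_len) {
    if (claimed_len > actual_len)
        return 0;
    memcpy(out, arena, claimed_len);
    return claimed_len;
}

/* Returns 1 if the reply carries the neighbouring allocation's bytes. */
static int leaks_neighbor(int zero_first, int checked) {
    unsigned char out[ARENA_SIZE] = {0};
    const size_t actual = 4, claimed = 40;           /* 4 bytes sent, 40 claimed */
    setup(zero_first, "ping", actual);
    size_t n = checked ? echo_checked(out, claimed, actual)
                       : echo_unchecked(out, claimed);
    return n > REQ_CAP && memcmp(out + REQ_CAP, NEIGHBOR, sizeof NEIGHBOR - 1) == 0;
}

int main(void) {
    printf("unchecked, not zeroed: leak=%d\n", leaks_neighbor(0, 0));
    printf("unchecked, zeroed:     leak=%d\n", leaks_neighbor(1, 0));
    printf("checked,   not zeroed: leak=%d\n", leaks_neighbor(0, 1));
    return 0;
}
```

Zeroing changes only the bytes inside the request buffer; the length check is what keeps the copy from reaching the neighbour.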


