John Moser <john.r.mo...@gmail.com> wrote:

> On Thu, Apr 10, 2014 at 4:18 PM, John Moser <john.r.mo...@gmail.com> wrote:
>
> > Also why has nobody corrected me on this yet?  I've read El Reg's
> > analysis, and they missed a critical detail that I didn't see until I read
> > the code in context:  IT ALLOCATES TOO SMALL OF A WRITE BUFFER, TOO.  Okay,
> > it would send out the payload on exploit.  It would also kill a heap canary
> > that glibc should catch on free().
> >
> >
>
> Christ maybe you're right.  I'm looking at this again and I'm wrong:  it
> DOES allocate big enough of a payload.
>
> Obviously I am not a programmer.  There actually is no memory allocator bug
> in this code; it uses the allocator entirely correctly.

I have never before seen such technical news in a normal newspaper:

http://www.faz.net/aktuell/feuilleton/openssl-sicherheitsluecke-jetzt-muss-jeder-jedes-passwort-aendern-12889676.html

Rodrigo.
