Heartbleed And C Programming Language
I've been hearing that at the core of the Heartbleed security flaw, lies the limitation of the C programming language. Though I couldn't make much sense out of it; I learn that it's because of the C programming language's ability to directly manipulate the heap; that lets it dump the memory to the hacker.
I'd like those familiar with C programming language in depth to discuss the issue (if it's indeed the case). At the heart of it; the bug is about defining the key you want from the memory and defining the length greater than the actual length of the key; which leads the system to send you whatever it has in its memory. This often leads to exposing sensitive information to the hacker.
I don't know who discovered this bug; but it's an interesting one to fix. I look forward to a discussion on the topic.
I'd like those familiar with C programming language in depth to discuss the issue (if it's indeed the case). At the heart of it; the bug is about defining the key you want from the memory and defining the length greater than the actual length of the key; which leads the system to send you whatever it has in its memory. This often leads to exposing sensitive information to the hacker.
I don't know who discovered this bug; but it's an interesting one to fix. I look forward to a discussion on the topic.
0
