Heartbleed And C Programming Language

I've been hearing that at the core of the Heartbleed security flaw lies the limitation of the C programming language. Though I couldn't make much sense of it, I learned that it's because of the C programming language's ability to directly manipulate the heap, which lets it dump the memory to the hacker.

I'd like those familiar with the C programming language in depth to discuss the issue (if that's indeed the case). At the heart of it, the bug is about defining the key you want from the memory and defining a length greater than the actual length of the key, which leads the system to send you whatever it has in its memory. This often leads to exposing sensitive information to the hacker.

I don't know who discovered this bug, but it's an interesting one to fix. I look forward to a discussion on the topic.
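
The over-long length described in the post above, as an added example that is not part of the original thread and is not OpenSSL's code: a simplified echo handler that trusts the length field inside the message, beside one that checks it against what was actually received. The record layout (1-byte type, 2-byte length, payload), the `arena` buffer standing in for process memory, and all function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for process memory: the received record sits at the
 * start, and unrelated secret data happens to sit right after it. */
static uint8_t arena[64];

/* Stage a request and a neighbouring secret in the arena. Returns the number
 * of bytes actually received on the wire, or 0 if the sample does not fit. */
size_t stage_request(uint16_t claimed_len, const char *payload, const char *secret)
{
    size_t real = strlen(payload), slen = strlen(secret);
    if (3 + real + slen > sizeof arena) return 0;
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                            /* request type */
    arena[1] = (uint8_t)(claimed_len >> 8);  /* claimed length, big-endian */
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + 3, payload, real);
    memcpy(arena + 3 + real, secret, slen);
    return 3 + real;
}

/* BEFORE: trusts the sender's length. Call only with the constructed input
 * (claimed length <= 61) so the over-read stays inside the arena. */
size_t echo_vulnerable(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                  /* never compared against claimed */
    memcpy(out, rec + 3, claimed);  /* copies past the payload into the secret */
    return claimed;
}

/* AFTER: the claimed length must fit inside what was actually received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < 3) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - 3) return 0;  /* discard the malformed request */
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[64];
    size_t n = stage_request(15, "bird", "hunter2-key"); /* 4 sent, 15 claimed */
    size_t v = echo_vulnerable(arena, n, out);
    printf("unchecked reply: %.*s\n", (int)v, (const char *)out);
    printf("checked reply:   %zu bytes\n", echo_checked(arena, n, out));
    return 0;
}
```

The language does not stop the unchecked `memcpy`, but the single comparison in `echo_checked` is enough to prevent the over-read.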

Replies

  • Abhishek Rawal
    The Heartbleed bug in OpenSSL was not a limitation of the 'C programming language' but probably an intended one, to make the program execute faster, as malloc() & free() of libc6 are slow & thus the only solution remaining was allocating a pointer to a combined cluster of memory. Well, that's what I understood from #-Link-Snipped-#. Or maybe it could be sloppy coding. People do make mistakes.

    An interesting bug to get fixed? Maybe! But before this bug reached the entire world, its fixes were already deployed on the servers of big companies like Google, Amazon, Facebook, PayPal, etc. Once patched, it was publicly announced.

    ---------------------------------------------------------------------------------------------
    I remember how everyone on Google+ was discussing the Heartbleed bug in OpenSSL. A bit off-topic, but this makes Google+ the best social networking website, where you do learn some new shit every day, unlike FB where these kids troll each other.
