Message of 12/04/14 04:57
From: "Peter Malone"
To: tpb-crypto@laposte.net
Cc: "Cypher" , cypherpunks@cpunks.org
Subject: Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
I don't buy into conspiracy theories often but I really can't see how you can fail to follow your own RFC. If he had a check in there to make sure the payload_length wasn't too large I would say "hey, he forgot to make sure it wasn't too small and he never even mentioned checking if it was too small in the RFC"... but he actually never checked for anything... so maybe it is just a mistake. He definitely failed to follow his own RFC which never mentioned making sure the length was correct, just that it wasn't too big, and that's something he never did.
I don't get how the reviewer can miss it too, like it's code for an RFC the reviewer is COMPLETELY new to... so at first the code looks a bit mad until you read the RFC, then you realize right away that he's missing shit. Seems silly, I don't think the reviewer ever read the RFC.
Look at the date and time the commit was done by the reviewer, make your own conclusions: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c508216...
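
The length check discussed in this message, as an added example that is not part of the original email and not OpenSSL's code: a heartbeat request is discarded unless its declared payload_length fits in the bytes actually received. The function name, constants and sample record are assumptions made for illustration; the 3-byte header and 16-byte minimum padding follow RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3   /* 1 byte type + 2 byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520: at least 16 bytes of padding */

/* Hypothetical helper: writes a heartbeat response into out.
 * Returns its length, or 0 when the request must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;   /* too short for even an empty heartbeat, or wrong type */

    /* payload_length comes from the peer; it is a claim, not a fact. */
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* Header + declared payload + minimum padding must fit in the bytes
     * actually received; otherwise payload_length is too large. */
    if (payload_len > rec_len - HB_HDR_LEN - HB_MIN_PAD)
        return 0;

    size_t resp_len = HB_HDR_LEN + payload_len + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    /* A real stack fills the padding with random bytes; zeroed here. */
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PAD);
    return resp_len;
}

int main(void)
{
    /* Constructed record: declares 0x4000 payload bytes, carries only 4. */
    uint8_t rec[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};
    uint8_t out[64];
    printf("response length: %zu\n", hb_build_response(rec, sizeof rec, out, sizeof out));
    return 0;
}
```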