[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

tpb-crypto at laposte.net tpb-crypto at laposte.net
Fri Apr 11 21:06:36 PDT 2014


> Message of 12/04/14 04:57
> From: "Peter Malone"
> To: tpb-crypto at laposte.net
> Cc: "Cypher", cypherpunks at cpunks.org
> Subject: Re: [tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
>

> I don't buy into conspiracy theories often but I really can't see how
> you can fail to follow your own RFC. If he had a check in there to make
> sure the payload_length wasn't too large I would say "hey, he forgot to
> make sure it wasn't too small and he never even mentioned checking if it
> was too small in the RFC"... but he actually never checked for
> anything.. so maybe it is just a mistake. He definitely failed to follow
> his own RFC which never mentioned making sure the length was correct,
> just that it wasn't too big, and that's something he never did.
> 
> I don't get how the reviewer can miss it too, like it's code for an RFC
> the reviewer is COMPLETELY new to... so at first the code looks a bit
> mad until you read the RFC, then you realize right away that he's
> missing shit. Seems silly, I don't think the reviewer ever read the RFC.
> 

Look at the date and time the commit was done by the reviewer and draw your own conclusions:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4817504d069b4c5082161b02a22116ad75f822b1



