undefined | Better HN

0 pointsBlikkentrekker5y ago0 comments

It's incorrect, however.

Heartbleed wasn't caused by reusing buffers; it was caused by not properly sanitizing the length of the buffer from entrusted input, and reading over it's allocated size, thus allowing the attacker to read into memory that wasn't meant for him.

0 comments

pornel5y ago

OpenSSL had its own memory-recycling allocator, which made the bug guarantee leaking OpenSSL's own data. Of course leaking random process memory wouldn't be safe either, but the custom allocator added that extra touch.

BlikkentrekkerOP5y ago

OpenSSL, like many other software indeed used a custom allocator, but this hasn't much to do with this to anything at all, as the system allocator also strongly favors giving back memory that once belonged to the same process, as it has to zero memory that belonged to other processes first.

This is of course a kernel feature when the lower level primitives are used that ask for blocks of memory from the kernel, which zeroes them if they had belonged to another process prior, and does not when they had not, and thus strongly favors giving back own memory. — allocators, such as the standard library's one or any custom ones, are built on top of these primitives.

j / k navigate · click thread line to collapse

0 pointsBlikkentrekker5y ago0 comments

It's incorrect, however.

0 comments

pornel5y ago

BlikkentrekkerOP5y ago

j / k navigate · click thread line to collapse