[Ach] heartbleed -- some background...

Adi Kriegisch adi at kriegisch.at
Wed Apr 9 16:15:16 CEST 2014


Hey!

I just stumbled across a mail from Theo de Raadt[1] that gives some
insights on why there are no segfaults and why you'll always get 64K of
highly sensitive information:
The OpenSSL guys implemented their own malloc and free wrappers that
allocate 64K mem chunks on all platforms to work around certain slower (but
safer) implementations on some (OpenBSD) platforms.

It could be a good idea to add that incident to the introduction of our
paper in a way that more clearly states that this paper only deals with
crypto, which does not mean you are safe. It just covers one (single) aspect
of security in a pretty long chain. And as always: the weakest link
decides...

-- Adi

[1] http://article.gmane.org/gmane.os.openbsd.misc/211963
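The mechanism the mail refers to, as a constructed example added here (not OpenSSL's code and not from the original post): a toy allocator that recycles freed 64K chunks without clearing them, next to a heartbeat handler that trusts an attacker-supplied length. The chunk pool, the two-byte record format, the sample request and the cookie value are all assumptions made for illustration. Because the over-read stays inside a chunk that is still mapped, nothing segfaults, and the response carries whatever the previous user of that chunk left behind; wiping on free or checking the length removes the leak.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a toy caching allocator plus a Heartbleed-style
 * handler. It is not OpenSSL's code; it only models the mechanism the mail
 * refers to: freed chunks are recycled uncleared, so an over-read stays
 * inside mapped memory (no segfault) and returns stale sensitive data. */

#define CHUNK  65536          /* 64K chunks, as in the mail */
#define NCHUNK 4

static unsigned char arena[NCHUNK][CHUNK];
static int free_stack[NCHUNK];
static int free_top;

static void pool_init(void) {
    memset(arena, 0, sizeof arena);
    free_top = 0;
    for (int i = NCHUNK - 1; i >= 0; i--) free_stack[free_top++] = i;
}

/* Hand out the most recently freed chunk first (LIFO), without clearing. */
static unsigned char *pool_alloc(void) {
    return free_top ? arena[free_stack[--free_top]] : NULL;
}

/* scrub == 0 models the caching wrapper; scrub == 1 wipes before reuse. */
static void pool_free(unsigned char *p, int scrub) {
    if (scrub) memset(p, 0, CHUNK);
    free_stack[free_top++] = (int)((p - arena[0]) / CHUNK);
}

/* Heartbeat record (assumed layout): 2-byte claimed payload length, then
 * the payload. check_length == 0 trusts the claimed length (the bug);
 * check_length == 1 is the fix: reject lengths beyond the record. */
static size_t heartbeat(const unsigned char *rec, size_t rec_len,
                        unsigned char *out, int check_length) {
    if (rec_len < 2) return 0;
    size_t claimed = ((size_t)rec[0] << 8) | rec[1];
    if (check_length && claimed > rec_len - 2) return 0;
    memcpy(out, rec + 2, claimed);   /* over-reads the chunk when unchecked */
    return claimed;
}

static int contains(const unsigned char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Returns 1 if the heartbeat response carries the earlier request's cookie. */
static int leak_scenario(int scrub_on_free, int check_length) {
    static unsigned char out[CHUNK];
    /* Constructed sample data standing in for a previous client's request. */
    const char earlier[] =
        "GET /account HTTP/1.1\r\nCookie: session=0123456789abcdef\r\n\r\n";
    /* Attacker record: claims 0x4000 bytes, actually carries "ping". */
    const unsigned char rec[] = { 0x40, 0x00, 'p', 'i', 'n', 'g' };

    pool_init();
    unsigned char *a = pool_alloc();      /* 1. earlier request is processed */
    memcpy(a, earlier, sizeof earlier);
    pool_free(a, scrub_on_free);          /* 2. chunk goes back to the pool */
    unsigned char *b = pool_alloc();      /* 3. same chunk, still holding it */
    memcpy(b, rec, sizeof rec);           /*    the 6-byte record lands on top */
    size_t n = heartbeat(b, sizeof rec, out, check_length);
    return contains(out, n, "session=0123456789abcdef");
}

int main(void) {
    printf("caching pool, no length check: leak=%d\n", leak_scenario(0, 0));
    printf("wipe on free, no length check: leak=%d\n", leak_scenario(1, 0));
    printf("caching pool, length checked:  leak=%d\n", leak_scenario(0, 1));
    return 0;
}
```

The length check is the actual fix for the bug; wiping on free (or an allocator that unmaps or guards freed memory, which is what the mail says the wrapper bypassed) only limits what a still-unfixed over-read can return.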