On Sun, Apr 13, 2014 at 08:38:11AM -0500, Ranjan Maitra wrote:
On Sun, 13 Apr 2014 09:15:04 -0400 Rahul Sundaram metherid@gmail.com wrote:
Hi
On Sun, Apr 13, 2014 at 6:23 AM, Timothy Murphy wrote:
Roger wrote:
It happened. It was known for years.
Everything I have seen says it has been known for about 1 week.
Incidentally, I am no programmer but I would have thought it would be relatively simple to set up a test to see if a "malloc"-ed space could be transgressed.
Not in this case. openssl uses a custom malloc
So, a valgrind -tool=memcheck --leak-check=yes --show-reachable=yes --track-fds=yes --track-origins=yes would not have helped?
AFAIU this is not a memory leak; it is a buffer overflow: lack of bounds checking. I do not think valgrind (or any other tool) can help with that. Feel free to correct me if I am wrong.
Cheers,