Serious OpenSSL vulnerability

Jerry Feldman gaf at blu.org
Mon Apr 14 18:50:00 UTC 2014


On 04/13/2014 06:23 AM, Timothy Murphy wrote:
> Roger wrote:
>
>> It happened. It was known for years. 
> Everything I have seen says it has been known for about 1 week.
>
> Incidentally, I am no programmer but I would have thought
> it would be relatively simple to set up a test 
> to see if a "malloc"-ed space could be transgressed.
>
There have been tools for this for many years. Rational Purify is one
tool that used to test for that. The problem here is that the tools that
test for buffer overflow also are time consuming. A "Purified" program
was several times larger and slower than the bare code. You use tools
like Purify to test your code, but not for production code.

-- 
Jerry Feldman <gaf at blu.org>
Boston Linux and Unix
PGP key id:3BC1EB90 
PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
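
The kind of test discussed in this message, as an added example that is not part of the original thread and is not how Purify itself works: a wrapper allocator that places a pattern-filled "red zone" after each block and checks it later. The names `guarded_alloc`, `guarded_check`, `guarded_free` and `demo_write`, and the 16-byte red zone, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 16          /* guard bytes after each block (assumed size) */
#define GUARD_BYTE 0xA5

/* Header stored in front of the user area so the checker knows its size. */
typedef struct { size_t size; } guard_hdr;

/* Allocate n usable bytes followed by a pattern-filled red zone. */
void *guarded_alloc(size_t n) {
    guard_hdr *h = malloc(sizeof *h + n + REDZONE);
    if (!h) return NULL;
    h->size = n;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + n, GUARD_BYTE, REDZONE);
    return user;
}

/* Return the number of red-zone bytes that were overwritten (0 = intact). */
size_t guarded_check(const void *p) {
    const guard_hdr *h = (const guard_hdr *)p - 1;
    const unsigned char *zone = (const unsigned char *)p + h->size;
    size_t damaged = 0;
    for (size_t i = 0; i < REDZONE; i++)
        if (zone[i] != GUARD_BYTE) damaged++;
    return damaged;
}

void guarded_free(void *p) { if (p) free((guard_hdr *)p - 1); }

/* Constructed demo: write `len` bytes into an 8-byte block, report damage.
   len must not exceed 8 + REDZONE so the write stays inside the allocation. */
size_t demo_write(size_t len) {
    unsigned char *buf = guarded_alloc(8);
    if (!buf) return (size_t)-1;
    memset(buf, 'A', len);            /* len > 8 spills into the red zone */
    size_t damaged = guarded_check(buf);
    guarded_free(buf);
    return damaged;
}

int main(void) {
    printf("8 bytes:  %zu guard bytes damaged\n", demo_write(8));
    printf("11 bytes: %zu guard bytes damaged\n", demo_write(11));
    return 0;
}
```

Every block here carries a header and 16 extra bytes, and the damage is only noticed when `guarded_check` runs, which illustrates the size and speed cost of instrumenting each allocation. A red zone of this kind detects writes past the end of a block; a read past the end leaves the guard bytes untouched and goes unnoticed.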

