[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Pooling of strings is good
- From: Coda Highland <chighland@...>
- Date: Mon, 25 Aug 2014 05:15:40 -0700
On Mon, Aug 25, 2014 at 3:30 AM, Coroutines <coroutines@gmail.com> wrote:
> On Sun, Aug 24, 2014 at 7:50 PM, Javier Guerra Giraldez
> <javier@guerrag.com> wrote:
>> On Sun, Aug 24, 2014 at 9:25 PM, Sean Conner <sean@conman.org> wrote:
>>> Reusing a buffer was the cause of the recent Heartbleed bug that affected
>>> OpenSSL and just about everything that relied upon it.
>>
>>
>> I think it was more like failing to sanitize an input (http://xkcd.com/1354/)
>
> On a related note, I think because of Heartbleed we should never reuse
> buffers ever again. Seems logical, right? Can't trust programmers
> anyway, we're all just simple beings that can't figure out better...
>
> (I'm not mad at you, I think Sean is getting ridiculous -- Appeal to
> Fear and all that...)
The actual lesson in Heartbleed is "never assume anything is safe when
you're writing crypto." (The lesson in Apple's SSL bug was "don't
copy-paste code," which is much more broadly relevant.)
/s/ Adam
- References:
- Pooling of strings is good, Dirk Laurie
- Re: Pooling of strings is good, Coroutines
- Re: Pooling of strings is good, Dirk Laurie
- Re: Pooling of strings is good, Coroutines
- Re: Pooling of strings is good, Jay Carlson
- Re: Pooling of strings is good, Coroutines
- Re: Pooling of strings is good, Jay Carlson
- Re: Pooling of strings is good, Coroutines
- Re: Pooling of strings is good, Sean Conner
- Re: Pooling of strings is good, Javier Guerra Giraldez
- Re: Pooling of strings is good, Coroutines
