lua-l archive


On Mon, Aug 25, 2014 at 3:30 AM, Coroutines <coroutines@gmail.com> wrote:
> On Sun, Aug 24, 2014 at 7:50 PM, Javier Guerra Giraldez
> <javier@guerrag.com> wrote:
>> On Sun, Aug 24, 2014 at 9:25 PM, Sean Conner <sean@conman.org> wrote:
>>>   Reusing a buffer was the cause of the recent Heartbleed bug that affected
>>> OpenSSL and just about everything that relied upon it.
>>
>>
>> I think it was more like failing to sanitize an input (http://xkcd.com/1354/)
>
> On a related note, I think because of Heartbleed we should never reuse
> buffers ever again.  Seems logical, right?  Can't trust programmers
> anyway, we're all just simple beings that can't figure out better...
>
> (I'm not mad at you, I think Sean is getting ridiculous -- Appeal to
> Fear and all that...)

The actual lesson in Heartbleed is "never assume anything is safe when
you're writing crypto." (The lesson in Apple's SSL bug was "don't
copy-paste code," which is much more broadly relevant.)

/s/ Adam