Hacker News new | ask | show | jobs
by swixmix 2251 days ago
the typical buffer overflow would have been caught by OpenBSD's protective malloc.

> [...] OpenSSL adds a wrapper around malloc & free so that the library will cache memory on it's own, and not free it to the protective malloc. [...] So then a bug shows up which leaks the content of memory mishandled by that layer. [...]

https://marc.info/?l=openbsd-misc&m=139698608410938&w=2
2 comments
sgillen 2250 days ago
I don’t think the vulnerability was in malloced memory, it was some buffer on the stack. I’ve actually patched OpenSSL to stop heart bleed as an excersice and iirc the fix was in fact just preventing a typical buffer overflow.
link
selestify 2251 days ago
Seems like that commenter is also saying that it would’ve been caught as a regular buffer overflow bug?

> OpenSSL is not developed by a responsible team.

link