|
|
|
|
|
|
by cmbaus
4449 days ago
|
|
|
I believe there is some confusion (at least I was confused until I looked at the code) that the library had universally replaced malloc with another allocator. While the library allows users to provide their own allocator, it is not done by default. The code in question does not use the freelist implementation. It goes directly to OPENSSL_Malloc which is basically malloc. What happened was the exploit allowed remote clients to read beyond the size of the buffer allocated by OPENSSL_Malloc. There just happened to be data from the freelist sitting next to it. Even if the freelist implementation wasn't used, that wouldn't have prevented this exploit. There would just be something else sitting there in memory, but we can't predict what that would have been. |
|
|