Right. Now you've got significantly more code (and even more chances of getting it wrong), more allocations, and you can still fail to correctly handle read(2) not completely filling a buffer and leaking data. Although most likely less than in Heartbleed.
How did we end up here? My initial point was that zeroing memory does not prevent leaks in the general case and we both agree on that. I never claimed OpenSSL should or should not have done something differently.
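The short-read case mentioned in the comment above, as an added example that is not part of the original thread: the reply length is taken from the bytes read(2) actually delivered, never from the length the peer claimed. The names `read_full`, `build_reply` and `demo`, the 256-byte buffer and the pipe input are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read until `want` bytes arrive, EOF, or error; return the bytes actually read. */
static ssize_t read_full(int fd, void *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, (char *)buf + got, want - got);
        if (n == 0) break;                      /* EOF: the peer sent less than promised */
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Echo `claimed` bytes from fd into out. The scratch buffer is deliberately not
 * zeroed: safety comes from never emitting more bytes than were received. */
static ssize_t build_reply(int fd, size_t claimed, unsigned char *out, size_t cap)
{
    unsigned char buf[256];
    if (claimed > sizeof buf || claimed > cap) return -1;
    ssize_t got = read_full(fd, buf, claimed);
    if (got < 0 || (size_t)got != claimed) return -1;  /* short read: reject */
    memcpy(out, buf, (size_t)got);
    return got;
}

/* Constructed input: a pipe carrying `payload`, with the peer claiming `claimed` bytes. */
static ssize_t demo(size_t claimed, const char *payload)
{
    int p[2];
    unsigned char out[256];
    size_t len = strlen(payload);
    if (pipe(p) != 0) return -2;
    ssize_t w = write(p[1], payload, len);
    close(p[1]);
    ssize_t r = (w == (ssize_t)len) ? build_reply(p[0], claimed, out, sizeof out) : -2;
    close(p[0]);
    return r;
}

int main(void)
{
    printf("honest length: %zd\n", demo(4, "ping"));
    printf("inflated length: %zd\n", demo(64, "ping"));
    return 0;
}
```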