boathouse2112 · 3882 days ago · post: A XKCD comic explaining how the Heartbleed bug works
I'm sure I'm missing something, but wouldn't it be really easy to avoid this bug by not letting a user define the data length?
Packets often contain payload length so the receiver knows how much to read from the network. Relying on this data, however, is Bad News, as this bug clearly demonstrates. I've often thought a well-behaved receiver should disconnect clients which misreport.
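
The check described in the reply above, as an added example that is not part of the original thread and is not OpenSSL's code: the receiver compares the sender's claimed payload length with the number of bytes it actually received and drops the peer when the two cannot both be true. The message layout follows the TLS heartbeat of RFC 6520; `hb_handle`, `hb_try` and the sample buffers are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER_LEN 3    /* 1-byte type + 2-byte big-endian payload length */
#define HB_MIN_PADDING 16  /* minimum trailing padding per RFC 6520 */

enum hb_verdict { HB_ECHO, HB_DISCONNECT };

/* Hypothetical helper: check the claimed payload length against the bytes
 * actually received (rec_len); copy the payload to out only if it fits. */
enum hb_verdict hb_handle(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCONNECT;   /* no room for header plus padding */

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Core check: the claim must fit inside what was really received. */
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCONNECT;   /* sender misreported its length */
    if (claimed > out_cap)
        return HB_DISCONNECT;   /* would not fit the reply buffer */

    memcpy(out, rec + HB_HEADER_LEN, claimed);
    *out_len = claimed;
    return HB_ECHO;
}

/* Wrapper for the samples: echoed length, or -1 when the peer is dropped. */
int hb_try(const uint8_t *rec, size_t rec_len)
{
    uint8_t out[64];
    size_t n;
    return hb_handle(rec, rec_len, out, sizeof out, &n) == HB_ECHO ? (int)n : -1;
}

/* Constructed samples (zero-filled padding): one honest, one misreporting. */
static const uint8_t hb_honest[3 + 5 + 16] = { 1, 0x00, 0x05, 'h','e','l','l','o' };
static const uint8_t hb_lying[3 + 1 + 16]  = { 1, 0x40, 0x00, 'x' };

int main(void)
{
    /* Exit 0 only if the honest request is echoed and the other refused. */
    return !(hb_try(hb_honest, sizeof hb_honest) == 5 &&
             hb_try(hb_lying, sizeof hb_lying) == -1);
}
```

The length field is still read, but it is never used as a copy size until it has been bounded by `rec_len`, the one value the receiver measured itself.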