Reply to post: Re: Heartbleed

They say software will eat the world. Here are some software bugs that took a stab at it

Michael Wojcik Silver badge

Re: Heartbleed

The Heartbleed bug was not fundamentally a software error, but intrinsic to the specification in the RFC.

It most certainly was an implementation error, even if the specification encouraged that error. It is entirely possible, and indeed trivial, to prevent a Heartbleed-class error in a DTLS Heartbeat implementation simply by doing the obvious bounds checking. That should be done as a matter of course in pretty much any software written in a language that doesn't do it automatically.

And, arguably, it doesn't matter, since the specification (RFC 6520) and the OpenSSL implementation were written by the same person (Seggelmann).
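The "obvious bounds checking" the comment refers to, as an added example in C; this is not the commenter's code nor OpenSSL's, and the function name, status codes and the two constructed sample records are assumptions made for illustration:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 6520 layout: type (1 byte) | payload_length (2 bytes, big-endian)
 * | payload | padding (at least 16 bytes). Names below are hypothetical. */
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_MIN_PADDING 16
enum hb_status { HB_MALFORMED = -1, HB_TOO_SHORT = -2 };

/* Parse a heartbeat request in rec[0..rec_len) and write the echo response
 * into out. Returns bytes written or a negative hb_status. The check that
 * Heartbleed lacked is the comparison of the *declared* payload_length
 * against the bytes *actually received*, done before any copy. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PADDING)   /* header plus minimum padding */
        return HB_TOO_SHORT;
    if (rec[0] != HB_REQUEST)
        return HB_MALFORMED;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* RFC 6520 section 4: discard if payload_length + 16 exceeds the record.
     * Without this line a peer can claim up to 65535 bytes and the memcpy
     * below would read past the data that arrived. */
    if (1 + 2 + payload_len + HB_MIN_PADDING > rec_len)
        return HB_MALFORMED;
    size_t resp_len = 1 + 2 + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap)
        return HB_TOO_SHORT;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + 3, rec + 3, payload_len);            /* echo only what arrived */
    memset(out + 3 + payload_len, 0, HB_MIN_PADDING); /* padding; zeros here for determinism */
    return (int)resp_len;
}

/* Constructed 22-byte records (not captured traffic): type=1, payload "abc",
 * 16 bytes of padding. The first declares the true length 3. */
int hb_demo_honest(void)
{
    uint8_t rec[22] = { HB_REQUEST, 0x00, 0x03, 'a', 'b', 'c' };
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);  /* returns 22 */
}
/* The second is byte-identical except payload_length claims 0x4000 (16384). */
int hb_demo_overstated(void)
{
    uint8_t rec[22] = { HB_REQUEST, 0x40, 0x00, 'a', 'b', 'c' };
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);  /* returns HB_MALFORMED */
}
```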
