[Haskell-cafe] Heart Bleed bug in OpenSSL

Jay Sulzberger jays at panix.com
Wed Apr 9 17:32:25 UTC 2014

On Wed, 9 Apr 2014, Vasili I. Galchin <vigalchin at gmail.com> wrote:

> http://heartbleed.com/
> Ok .. I just scanned this .. but is this problem a "logic" bug in the
> OpenSSL C/C++ code or is a type correctness issue?
> Thanks,
> Vasili

It is a type error.  Information sent in blocks over the Net
should contain a sub-block containing the total length and also
some internal checksum, which may or may not need to be
cryptographically defended.  The length sub-block likely would
require some further information too.  The famous Bitcoin
malleability difficulty is an example of a block of information
failing to have enough length fields/checksums.

Like most, perhaps all, errors in type design, it is a logic bug
at the design level, which might give a logic bug at the code


More information about the Haskell-Cafe mailing list