[Haskell-cafe] Heart Bleed bug in OpenSSL
jays at panix.com
Wed Apr 9 17:32:25 UTC 2014
On Wed, 9 Apr 2014, Vasili I. Galchin <vigalchin at gmail.com> wrote:
> Ok .. I just scanned this .. but is this problem a "logic" bug in the
> OpenSSL C/C++ code or is a type correctness issue?
It is a type error. Information sent in blocks over the Net
should contain a sub-block containing the total length and also
some internal checksum, which may or may not need to be
cryptographically defended. The length sub-block likely would
require some further information too. The famous Bitcoin
malleability difficulty is an example of a block of information
failing to have enough length fields/checksums.
Like most, perhaps all, errors in type design, it is a logic bug
at the design level, which might give a logic bug at the code
More information about the Haskell-Cafe