OpenSSL Heartbeat Code
OpenSSL heartbeat bug patch (CVE-2014-0160):
https://github.com/openssl/openssl/commit/731f431497f463f3a2...
> A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.
Previous discussion: https://news.ycombinator.com/item?id=7557825
Can someone explain which part of the code contains the bug and why it is a bug?
https://github.com/openssl/openssl/commit/bd6941cfaa31ee8a3f...
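For readers with the same question, a simplified model of a heartbeat handler with the bounds check in place, showing where the quoted "missing bounds check" sits. This is an added example, not OpenSSL's code and not part of the thread; the function names, constants and sample records are constructed for illustration, and the message layout (type, 2-byte length, payload, 16 bytes of padding) follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16  /* minimum padding per RFC 6520 */

/* Build a heartbeat response in out. rec_len is the number of bytes that
 * actually arrived in the record. Returns the response length, or -1 when
 * the request must be silently discarded. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST)
        return -1;                      /* truncated, or not a request */

    /* Peer-controlled 16-bit length field: 0..65535, hence "up to 64k". */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t need = HB_HEADER + claimed + HB_PADDING;

    /* The bounds check. Without the rec_len comparison, the memcpy below
     * copies `claimed` bytes from rec + 3 even when the record is shorter,
     * so the reply carries whatever sits after the record in memory. */
    if (need > rec_len || need > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_PADDING); /* model: zero padding */
    return (long)need;
}

/* Constructed sample records (not captured traffic). */
long demo_honest(void)      /* length field 5, record carries 5 bytes */
{
    uint8_t rec[HB_HEADER + 5 + HB_PADDING] = {HB_REQUEST, 0x00, 0x05, 'h','e','l','l','o'};
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}
long demo_oversized(void)   /* length field 16384, record carries 1 byte */
{
    uint8_t rec[HB_HEADER + 1 + HB_PADDING] = {HB_REQUEST, 0x40, 0x00, 'x'};
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}
```

The honest request is echoed back at 24 bytes; the request whose length field exceeds the received record is dropped instead of being answered.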
Amelek is being a bit harsh or just plain wrong; I learned a few days ago that checking malloc's return value means almost nothing: