Reply to post:

Cloudbleed: Big web brands 'leaked crypto keys, personal secrets' thanks to Cloudflare bug

Bronek Kozicki

"elsewhere p becomes greater than pe" I would suggest that in the face of this happening, replacing "==" with ">=" is merely a workaround and not a proper fix. The proper fix would be to perform the same check in any location where "p" is increased (or "pe" decreased).

With the workaround alone as implemented, the code will jump to "_test_eof" when p is already too large, which might also lead to a small leak of data.

Anyway, a proper way to prevent bugs similar like this one from happening is to built a proper automated testing into your software development process. Since they are using a domain specific language, then perhaps unit testing might be too difficult, but nothing excuses them from not running a regression test suite (that is, as long as they do have one).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021