icon/arrow Back to news
02.02.2016

Fiddly buffer overrun in OpenSSL

TrustInSoft reported bugs in Open SSL

Graphic: Technical article

John’s blog is hosting a post, co-authored by me, about one of the more entertaining “bugs” reported by TrustInSoft in OpenSSL. In this case the behavior was intended, and looked like a good idea when the code was originally written. I see this anecdote as a continuation of the “sociology of open-source security fixes” series. Unlike the situation in the first two post of that series, here the codebase has a long history, with some parts of it going back twenty years, but practices have changed and compilers have changed.

The incongruous pattern was present in both LibreSSL and OpenSSL, and has now been cleaned-up from both. Many thanks to all maintainers of aging open-source software, it is a difficult task.

Newsletter

Related articles

See more news
April 17, 2024

Embedded World 2024 Recap

  • Blogs, Events

Contact us

Ensure your software is immune from vulnerabilities and
does not crash whatever the input.
Contact us
TrustInSoft logo small
Follow us
Twitter Facebook Linkedin Youtube
Our services
Industries
TrustInSoft
Contact details

600 California St, 11th floor
San Francisco, CA 94108, USA
+1 (408) 829-5882

222 cour avenue du Maine

75014 Paris – FRANCE

+33 1 84 06 43 91

©2024 TrustInSoft
Legal Notice