""OpenSSL has exploit mitigation countermeasures to make sure its exploitable"" http://article.gmane.org/gmane.os.openbsd.misc/211963
Leaving aside the personal (and questionable) opinions from Theo about OpenSSL developers, I think he is right that this malloc wrapper looks quite bad. Without it, the Heartbleed bug probably wouldn't have caused so much havoc, or would have been detected earlier by some debugger. What's the stance of the OpenSSL developers on this? Will you get rid of this wrapper? Regards!
