> . The design is just plain wrong.

Is that statement the benefit of hindsight knowledge, or do you have a more 
intelligent thought process behind it? (I can imagine the all-knowing smirk in 
the background, but I'd really like to know :-)

- DM

On Apr 23, 2014, at 01:06 AM, Max Rottenkolber <m...@mr.gy> wrote:

>> From what I understand about the bug (I have not seen the code) it sounds
>> like data length information arrived both directly and indirectly in the
>> client message and that a conflict between them was not scrutinized.
> 
> No. The bug was that the keep alive protocol in SSL mandates the server to
> echo arbitrary data back to the client. The bounds checks were wrong too,
> but at that stage it really doesn't matter. The design is just plain wrong.
> 
> 
> 
> _______________________________________________
> pro mailing list
> pro@common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/pro
> 

Dr. David McClain
d...@refined-audiometrics.com
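
The bounds check the thread refers to, as an added example (not code from either poster or from any SSL library): the length declared inside a heartbeat message is compared with the number of bytes that actually arrived before anything is echoed. The layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows the TLS heartbeat extension (RFC 6520); the function name, constants and sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte declared payload length */
#define HB_PADDING 16  /* minimum padding that follows the payload */

/* Constructed sample records, 23 bytes each: header, "ping", zero padding. */
static const uint8_t HONEST[23] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t LYING[23]  = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Copies the payload to echo into out and returns its length, or -1 if the
 * record must be silently discarded. rec/rec_len describe the bytes actually
 * received; the length field inside rec is untrusted input. */
int hb_payload_to_echo(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap)
{
    /* Too short to hold even an empty heartbeat message. */
    if (rec_len < HB_HEADER + HB_PADDING)
        return -1;

    size_t declared = ((size_t)rec[1] << 8) | rec[2];

    /* The declared length must fit inside what arrived on the wire. */
    if (HB_HEADER + declared + HB_PADDING > rec_len)
        return -1;

    /* Never write past the caller's buffer either. */
    if (declared > out_cap)
        return -1;

    memcpy(out, rec + HB_HEADER, declared);
    return (int)declared;
}

int main(void)
{
    uint8_t out[64];
    printf("honest record: %d\n",
           hb_payload_to_echo(HONEST, sizeof HONEST, out, sizeof out));
    printf("lying record:  %d\n",
           hb_payload_to_echo(LYING, sizeof LYING, out, sizeof out));
    return 0;
}
```
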


