> . The design is just plain wrong.

Is that statement the benefit of hindsight knowledge, or do you have a more intelligent thought process behind it? (I can imagine the all-knowing smirk in the background, but I'd really like to know :-)

- DM

On Apr 23, 2014, at 01:06 AM, Max Rottenkolber <m...@mr.gy> wrote:

>> From what I understand about the bug (I have not seen the code) it sounds like data length information
>> arrived both directly and indirectly in the client message and that a conflict between them was not
>> scrutinized.
>
> No. The bug was that the keep alive protocol in SSL mandates the server to
> echo arbitrary data back to the client. The bounds checks were wrong too,
> but at that stage it really doesn't matter. The design is just plain wrong.
>
> _______________________________________________
> pro mailing list
> pro@common-lisp.net
> http://common-lisp.net/cgi-bin/mailman/listinfo/pro

Dr. David McClain
d...@refined-audiometrics.com
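The length conflict discussed in the quoted exchange, as an added example that is not part of the original thread and not any TLS library's code: a heartbeat responder, using the RFC 6520 message layout, that discards a request whose declared payload length does not fit in the bytes actually received. The function names, the constructed "ping" record and the zero-filled response padding are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Build the echo for one received heartbeat record (layout per RFC 6520:
 * type[1] | payload_length[2] | payload | padding[>=16]).
 * rec_len is the number of bytes actually received, the "indirect" length.
 * Returns the response length, or 0 when the message must be discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* the "direct" length */
    /* The conflict check: the declared payload must fit inside the record. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);  /* received bytes only */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* zero padding: simplification */
    return resp_len;
}

static uint8_t demo_out[64];   /* response buffer for the constructed samples */

/* Constructed sample: a record carrying the 4-byte payload "ping" whose
 * header declares `claimed` bytes of payload. Hypothetical helper. */
size_t demo(uint16_t claimed)
{
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PAD] = { HB_REQUEST,
        (uint8_t)(claimed >> 8), (uint8_t)claimed, 'p', 'i', 'n', 'g' };
    return hb_respond(rec, sizeof rec, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("declared 4 bytes:     response length %zu\n", demo(4));
    printf("declared 16384 bytes: response length %zu\n", demo(16384));
    return 0;
}
```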