This flaw has been considered as unlikely to be exploited for HTTPS,
as it only allows the attacker to inject prefixes. By changing the
trick given by Marsh Ray, the attacker can increase his
possibilities. More detail, and an example of the use of a slightly
modified version of this PoC to steal
It might not work with up-to-date OpenSSL.
Fixing that is left as an exercise for the reader.
--
Pavel Kankovsky aka Peak / Jeremiah 9:21\
For death is come up into our MS Windows(tm)... \ 21st century edition /
#include errno.h
#include stdio.h
#include string.h