FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Heartbleed bug?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Heartbleed bug? [message #185553 is a reply to message #185550] Thu, 10 April 2014 22:45 Go to previous messageGo to previous message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma:
Senior Member
On Thu, 10 Apr 2014 22:54:01 +0200, Arno Welzel wrote:

> The fact is, that stream_socket_enable_crypto() allows to build a server
> which listens on a socket to accept incoming SSL/TLS connections and
> uses OpenSSL for this.
>
> OpenSSL up to 1.0.1f has a now well known vulnerability for that use
> case.
>
> Ask who ever you want. If you got the answers that prove all this wrong,
> do the rest of us a favour and tell us.

Yes, but for that issue to affect your (or my, or Jerry's) code, we'd
have had to write our own SSL/TLS enabled server in PHP.

And for that issue to affect anyone elses code, they'd have had to write
their own SSL/TLS enabled server in PHP.

So this comes back to: The "heartbleed" exploit will only affect your php
code if your php code is linked against the exploitable OpenSSL libraries
*AND* your code calls functions in those libraries that expose the
exploits.

And to know that you need to know which functions of the libraries are
exploitable, and whether your code calls those functions. It's impossible
for anyone, without reviewing another persons code, to tell whether that
other person's code is exposed to this exploit or not, and that is the
point that I believe Jerry is trying to make, and that you are so
abstrusely refusing to recognise.

--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: cURL and response code 302
Next Topic: PHP Parse error: syntax error, unexpected '$sql' (T_VARIABLE) in
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 20:11:01 GMT 2024

Total time taken to generate the page: 0.04859 seconds