They're human too. Look at the response times!
Yeah, but... it seems like a quick run of valgrind would have caught this.
Personally, I've never had an experience with valgrind that could be reasonably characterized as "quick". But YMMV.
Not necessarily.
If they just keep reusing a buffer and forget to clear it in between requests, there is nothing automated that would find it.
Bounds-checking languages would not help either: they would only work if they delete and reallocate the buffer on each request, and since that's slow it's unlikely anyone would do that.
They probably wouldn't even clear the buffer; instead they rely on keeping track of the length of the data in it, so any errors there would be a problem.
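As an added illustration of the reuse-without-clearing pattern described in that comment (example code, not from the thread or from any affected project), here is a hypothetical request handler in C whose buggy responder trusts a caller-supplied length instead of the byte count the current request actually wrote; the request bodies and the "secret" string are constructed, and both the buggy and the fixed responder stay inside the buffer's bounds, which is why a bounds checker or valgrind has nothing to report.

```c
#include <string.h>

#define BUF_SIZE 64

/* One long-lived buffer reused across requests (hypothetical server). */
static char buf[BUF_SIZE];
static size_t used; /* bytes the current request actually wrote */

/* Copies a request body into the shared buffer; returns the bytes stored. */
static size_t load_request(const char *body) {
    size_t len = strlen(body);
    if (len > BUF_SIZE) len = BUF_SIZE;
    memcpy(buf, body, len);
    used = len;
    return len;
}

/* Buggy responder: serves `want` bytes, trusting the caller instead of `used`.
   Every read stays inside buf[], so valgrind or a bounds check sees nothing
   wrong, yet bytes past `used` still hold the previous request's data. */
static size_t respond_buggy(char *out, size_t want) {
    if (want > BUF_SIZE) want = BUF_SIZE;
    memcpy(out, buf, want);
    return want;
}

/* Fixed responder: never serves more than the current request wrote. */
static size_t respond_fixed(char *out, size_t want) {
    if (want > used) want = used;
    memcpy(out, buf, want);
    return want;
}

/* Returns 1 if out[0..n) contains the constructed secret from the first request. */
static int leaks_secret(const char *out, size_t n) {
    const char *secret = "SECRET=tok_123"; /* constructed sample, not a real token */
    size_t slen = strlen(secret);
    for (size_t i = 0; i + slen <= n; i++)
        if (memcmp(out + i, secret, slen) == 0) return 1;
    return 0;
}

/* Two requests through the shared buffer; returns whether the second response
   leaked the first request's secret (1 = leak, 0 = clean). */
static int demo(int fixed) {
    char out[BUF_SIZE];
    load_request("user=a&SECRET=tok_123"); /* first request carries a secret */
    load_request("ping");                  /* second, shorter request */
    size_t n = fixed ? respond_fixed(out, 32) : respond_buggy(out, 32);
    return leaks_secret(out, n);
}
```

A detection that does work here is a differential one: feed a short request after a long one and compare the response length against the bytes the second request wrote, which `demo(0)` flags and `demo(1)` does not.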
Application security team? Probably needs work.
But their overall response to this was still good, and very quick given the scale of the issue.