
> and one of those copies can end up with uninitialized junk, so that's wrong.

To be fair to the Debian patch, reading from uninitialized junk doesn't sprinkle randomness into the desired buffer: it invokes undefined behaviour. The Debian patch was lawful!



The part where they also zeroed the buffer with intentionally random data may have been lawful, but it wasn't good.



