Christopher Allan Webber


So it's probably a good thing that the OpenBSD people are forking OpenSSL. However, I see a lot of comments joining in on the snark about "OMG, can you BELIEVE how TERRIBLE this code is?"

It seems popular that when something bad happens to a project, there's a "pile on the schadenfreude party". I don't enjoy it, and I don't think it's healthy. It definitely doesn't follow the golden rule.

We can be better than that.


Switching to a language that's safe from memory errors doesn't actually make you safe from memory errors. It just changes the places in the code that could break. After all, memory has to come from somewhere.

Douglas Perkins at 2014-04-17T22:10:43Z

Rust won't let you make the kind of mistake involved in Heartbleed. Sure, the app would crash, but I think we would all prefer that we had a benign crash bug in OpenSSL to a private key disclosure bug.

Owen Shepherd at 2014-04-17T22:14:23Z

I'd say that it's not so much that it shouldn't be applied at all, but it should've been applied before this happened. "Your code is shit and you should feel bad" can be a good motivator, in my experience.

tekk at 2014-04-17T22:28:04Z


I think this is still missing the broader context.

An older memory management method used in OpenSSL for optimizing performance called "freelist" basically keeps the contents of memory "around forever" and exacerbates problems such as Heartbleed. http://www.darkreading.com/vulnerabilities---threats/did-a-faulty-memory-feature-lead-to-heartbleed/d/d-id/1204505

This type of bug is, as a general thing, a bug where the developers tried to do too much off-topic work, which made their work (a) buggy and (b) not looked-at by experts. That can happen in any programming language on any project.

Saying, "C is too powerful and doesn't have error checking features, damn it, and those crazy developers can go and break stuff if they aren't careful." may be appealing, and certainly there are advantages to using other languages -- I haven't coded in C in years, and it would be nice to have more SSL implementations in other languages on hand -- but the general class of error as described above exists in every language everywhere, and it always will.

To me, this last point is far more interesting than observations about how primitive C is. Everyone knows C is primitive. That was the entire point of it.

Douglas Perkins at 2014-04-22T03:52:36Z
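
An added illustration of the exchange above about Rust and Heartbleed (not part of the thread, and not OpenSSL code): a heartbeat echo in Rust, assuming the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding). The function names and sample records are constructed for this example; the indexing version crashes on a lying length field, the checked version discards the message.

```rust
// Added example. Layout assumed from RFC 6520:
// type (1 byte) | payload_length (u16, big-endian) | payload | padding (>= 16 bytes)
const HEADER: usize = 3;
const MIN_PADDING: usize = 16;

/// Trusts the length field. In Rust the slice index is bounds-checked, so a
/// claimed length larger than the record panics instead of reading past it.
fn echo_indexing(record: &[u8]) -> Vec<u8> {
    let claimed = u16::from_be_bytes([record[1], record[2]]) as usize;
    record[HEADER..HEADER + claimed].to_vec()
}

/// Validates the length field against what was actually received and returns
/// None (discard the message) when it does not fit.
fn echo_checked(record: &[u8]) -> Option<Vec<u8>> {
    let len_bytes = record.get(1..HEADER)?;
    let claimed = u16::from_be_bytes([len_bytes[0], len_bytes[1]]) as usize;
    if HEADER + claimed + MIN_PADDING > record.len() {
        return None;
    }
    Some(record[HEADER..HEADER + claimed].to_vec())
}

/// Builds a constructed heartbeat request whose length field may not match
/// the payload that is really present.
fn sample_record(claimed: u16, payload: &[u8]) -> Vec<u8> {
    let mut r = vec![1u8]; // 1 = heartbeat_request
    r.extend_from_slice(&claimed.to_be_bytes());
    r.extend_from_slice(payload);
    r.extend_from_slice(&[0u8; MIN_PADDING]);
    r
}

fn main() {
    let honest = sample_record(4, b"ping");
    let lying = sample_record(0x4000, b"ping"); // claims 16384 bytes, carries 4
    println!("honest, checked: {:?}", echo_checked(&honest));
    println!("lying, checked:  {:?}", echo_checked(&lying));
    let crashed = std::panic::catch_unwind(|| echo_indexing(&lying)).is_err();
    println!("lying, indexing version panicked: {}", crashed);
}
```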