Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- Bug code

  Latest PHP patch cannot fix the bug

On Wednesday(2012-05-02), a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition.A CERT advisory on the flaw explains: “When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows com...

   PHP,bug,patch,bypassed     2012-05-08 11:20:56

  Linus Torvalds apologizes for Linux 4.8 kernel bug

On Oct 2, Linus Torvalds proudly announced the release of Linux 4.8. But just days after the release, a bug was found in the kernel and Linus came out and apologized for this bug. I'm really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too). In particular, I just got this kernel BUG at ./include/linux/swap.h:276 and the end result was a dea...

   LINUX,LINUX KERNEL,NEWS,LINUS TORVALDS,BUG_ON     2016-10-07 03:46:17

  What do programmers like to say usually?

Coding is an very important part of programmer's daily work. But beyond coding, programmers need to do other work as well, they need to fix bugs reported by users, they need to write documents for their codes. Also, they often need to answer questions from customers, bosses and colleagues. What do they often say when they are facing different sort of questions? Today we share some. It's done. I just need to clean up a few things. This is hacky, but I'll fix it soon. This can never happen: It's ...

   Programmer,Execuse,Bug     2013-08-07 07:38:30

  A serious security vulnerability found in MySQL/MariaDB

Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below.When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09

  HeartBleed: OpenBSD now starts to clean up OpenSSL

Since the disclosure of HeartBleed bug in OpenSSL, some arguments emerge around the safety of OpenSSL, the largest open source SSL/TLS library used by large number of servers, applications. Some people are even starting to create their own version of SSL library. This includes OpenBSD, a famous Unix like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26

  Fastjson just fixed a bug which might cause out of memory issue

Fastjson just fixed a bug which might cause service down a few days ago. This bug is caused by some mishandling of special character \x which is an escaped character to indicate hexdecimal number. The impact of this bug would be big if the attacker constructs a malicious data which would cause the service down.  The code which causes the issue is in com.alibaba.fastjson.parser.JSONLexerBase#scanString, when a JSON string is passed in, fastjson would parse the string character by c...

   FASTJSON,ALIBABA,BUG,NEWS     2019-09-07 06:03:49

  HeartBleed: Should C be blamed for the HeartBleed bug?

There is a discussion about the security of applications written in C on Hacker News recently after the report of HeartBleed bug in OpenSSL. In this discussion, some people are saying that the applications written in C are unsafe. It seems all or most of the faults should be laid on C. I think this is biased. The language itself should not be blamed.Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55

  How to prevent next HeartBleed bug?

How to ensure the security of open source projects is a concern for many open source users including individual users and companies. But it's not an easy task to ensure the security of open source projects. Because everyone can see the source code, there is much higher possibility that a bug may be found by someone. Once a bug is disclosed, people may exploit it and do evil things, this may cause loss of money either for individuals or companies, some of the bugs may even have big impact to the...

   Open source,HeartBleed,Security     2014-04-24 09:07:05

  Frequently used explanations of programmers

As a programmer, I think many of us have something like these below in our daily work. From these explanations, we may get to know different programmer's characteristics. Below are something we may say frequently. Don't be too serious about them.It's working on my computerI never heard about this beforeIt was working normally yesterdayOk, this is a bugHow is it possible?This must be the problem of the machine or the environmentDo you update your operating system?Must be the problems of client...

   Explanation,Programmer     2012-04-25 08:07:43

  HeartBleed: Inside the heart, what happens to a normal WEB user?

To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us. Here comes the technical explanation. You might notice before that a lot of websites use URL starting with "https". For example, https:/...

   HeartBleed,Analysis     2014-04-09 22:41:43

RECENT