TWiT Throwback (Audio)

Coding 101 13: Sanitize')DROP TABLE Python;

Listen Later

Welcome to Coding 101 - It's the TWiT show that gives YOU the knowledge to live in the wonderful world of the programmer. This week we are introducing our newest module, Python with Code Warrior Dale Chase!

To see all the code used in today's episode, go to Our Github Repository for Module 2

Loops (Recap)
  • As we may recall, loops are an easy way to reuse code.
  • It allows us to "loop" a section of code so that it doesn't have to be writen over and over.

    • While Loops

    While loops in Python work very much like they do in C#

    They use some sort of counter and some sort of relational true/false statement. The while loop will continue to run as long as the statement is true. The true/false statement is pre-test, meaning that it will evaluate the statement BEFORE the loop code is executed.

    Code Sample:

    counter = 0

    while counter < 5:

    counter = counter +1

    print counter

    Output:
    1
    2
    3
    4
    5

    Sanitizing your Input! The Heartbleed Bug

    What is the Hearbeat?

    • The problem lies in the "Hearbeart"
      • It's a way to keep a SECURE TLS session alive /// to keep it from "timing out"
      • The Heartbeat is a payload of arbitrary data which is sent from one end of the connection to the other, and back again.
      • If the heartbeat makes the round trip intact, then both sides of the connection know that the connection is still active and still secure.

        • Here is the OpenSSL Cod

        (The Bug starts on Line 3972)

        /* Read type and payload length first */

        hbtype = *p++;

        n2s(p, payload);

        pl = p;

        hbtype is the TYPE of data

        P++ increments the pointer

        p is the pointer for the payload

        payload is the length of the payload

        The problem is that the SENDER gets to set the "payload" length and the code never checks to see if the sent length matches the recieved length of the payload.

        The Crux of the Matter:

        • The Hearbleed bug stems from code that does not check to make sure it's recieving into memory what it expected.
        • In other words... IT DIDN'T SANITIZE IT'S INPUT!

          • Hosts: Fr. Robert Ballecer, SJ and Shannon Morse

          Guest: Dale Chase

          Get in Touch With Us!
          • Subscribe and get Coding 101 automatically at https://twit.tv/shows/coding-101.
          • Follow PadreSJ and Snubs on Twitter

            • Bandwidth for Coding 101 is provided by CacheFly.

            Sponsor:

            • lynda.com/c101

              • ...more
              View all episodesView all episodes
              Download on the App Store
              TWiT Throwback (Audio)By TWiT
              • 4
              • 4
              • 4
              • 4
              • 4

              4

              4 ratings

              More shows like TWiT Throwback (Audio)

              View all
              Total Leo (Audio) by TWiT

              Total Leo (Audio)

              202 Listeners

              TWiT News (Audio) by TWiT

              TWiT News (Audio)

              78 Listeners

              All TWiT.tv Shows (Audio) by TWiT

              All TWiT.tv Shows (Audio)

              355 Listeners

              TWiT Events (Audio) by TWiT

              TWiT Events (Audio)

              8 Listeners

              Total Mikah (Audio) by TWiT

              Total Mikah (Audio)

              3 Listeners

              Untitled Linux Show (Audio) by TWiT

              Untitled Linux Show (Audio)

              7 Listeners

              Host-Read Ads (Audio) by TWiT

              Host-Read Ads (Audio)

              3 Listeners