Comment

Breaking News! Glenn Greenwald Arrives in US, Not Arrested, Not Tortured, Not Murdered

37
Charles Johnson 4/11/2014 11:17:07 am PDT

re: #34 Randall Gross

The Heartbleed bug is due to a length variable that tells a routine how many bytes to fetch from memory. It’s only supposed to be set to a very small number, but it’s defined as an unsigned 16-bit integer — and the routine doesn’t check to make sure the length hasn’t been set to a very large number. Since an unsigned int can contain a number up to 65,536, it’s possible to pass the routine that number and have it retrieve up to 64K of memory at a time. And because the memory’s allocated dynamically, you can call it repeatedly and get different chunks of RAM each time.
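
The missing length check described in the comment above, as an added C example that is not part of the original comment and is not OpenSSL's code: a simplified heartbeat echo with and without the check. The function names, the `arena` buffer and both sample records are constructed for illustration; the 3-byte header and 16-byte minimum padding follow RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER  3u   /* 1-byte type + 2-byte payload length (RFC 6520) */
#define HB_PADDING 16u  /* minimum padding RFC 6520 requires */
#define CLAIMED(rec) ((size_t)(((rec)[1] << 8) | (rec)[2]))  /* big-endian */

/* Constructed stand-in for heap memory: a 4-byte record the peer sent
 * (type 1, claimed length 24, one real payload byte 'A'), followed by
 * unrelated data that happens to sit next to it. */
static const uint8_t arena[] = "\x01\x00\x18" "A" "session-key-placeholder";
#define RECORD_LEN 4u
static const uint8_t ok_rec[21] = "\x01\x00\x02hi";  /* honest record, zero padding */

/* Unchecked: trusts the length field and copies that many bytes. */
static size_t echo_unchecked(const uint8_t *rec, uint8_t *out)
{
    size_t n = CLAIMED(rec);
    memcpy(out, rec + HB_HEADER, n);   /* runs past the 4-byte record */
    return n;
}

/* Checked: header + claimed payload + padding must fit in the record. */
static size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING)
        return 0;                      /* too short to be valid: drop */
    size_t n = CLAIMED(rec);
    if (HB_HEADER + n + HB_PADDING > rec_len)
        return 0;                      /* length field lies: drop */
    memcpy(out, rec + HB_HEADER, n);
    return n;
}

/* Returns 1 if the unchecked echo handed back the neighbouring data. */
int unchecked_leaks(void)
{
    uint8_t out[64] = {0};
    size_t n = echo_unchecked(arena, out);
    return n == 24 && memcmp(out + 1, "session-key-placeholder", 23) == 0;
}

/* Returns how many payload bytes the checked echo sends for a record. */
size_t checked_sends(const uint8_t *rec, size_t rec_len)
{
    uint8_t out[64] = {0};
    return echo_checked(rec, rec_len, out);
}
int main(void) { return !(unchecked_leaks() && checked_sends(arena, RECORD_LEN) == 0); }
```

The checked version silently drops the malformed record and still echoes the honest one, so the fix costs well-behaved peers nothing.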