
I'm guessing the patch was broken because they didn't have an actual patch lying around; they had to do a diff against the upstream and try to pick out the relevant parts. That doesn't excuse some of the other errors, though, like integer overflows and not checking return codes. It also doesn't excuse the fact that they didn't actually try the patch before sending it out.

There could be other pieces that we're missing, and this patch alone doesn't prove that you can obtain private keys from Akamai's servers with the Heartbleed bug. It just proves that there could be key parts outside of their protected storage area and they suck at creating patches of their modifications. That being said, I'd love to see someone apply Akamai's OpenSSL patch and still pull the key with Heartbleed.



Yes. It's not really fair of the OP to say "this is broken in totally obvious ways and would clearly not actually run" and yet critique it as if it were production code. It's fairly obviously (at this point) a hand-constructed pseudo-diff.



