nanog mailing list archives
Re: DNSSEC?
From: shawn wilson <ag4ve.us () gmail com>
Date: Sat, 12 Apr 2014 03:01:17 -0400
But it doesn't really matter if you zero out freed memory. Maybe it'll prevent you from gaining some stale session info and the like. But even if that were the case, this would still be a serious bug - you're not going to reread your private key before encrypting each bit of data after all - that'd just be wasteful. In other words, this is kind of moot.

On Apr 12, 2014 2:24 AM, "Mark Andrews" <marka () isc org> wrote:
Don't think for one second that using malloc directly would have saved OpenSSL here. By default malloc does not zero freed memory it returns. It is a feature that needs to be enabled. If OpenSSL wanted to zero memory it was returning it could have done that itself.

The only difference is that *some* malloc implementations examine the environment and change their behaviour based on that.

That OpenSSL used its own memory allocator was a problem does not stand up to rigorous analysis.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka () isc org
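An added example, not part of either message and not OpenSSL's code: a toy two-slot arena (every name, the `zero_on_free` knob and the key string are hypothetical or constructed) that contrasts the two points made above. Zeroing on free removes only stale data, while a copy that trusts a caller-supplied length still exposes a live neighbour, and the length check is what closes it.

```c
#include <stdio.h>
#include <string.h>

#define SLOT 32                        /* fixed slot size keeps adjacency deterministic */
static unsigned char arena[2 * SLOT];  /* constructed toy heap: slot 0, then slot 1 */
static int in_use[2];
static int zero_on_free;               /* hypothetical knob, like an opt-in malloc option */

static void *toy_alloc(void) {
    for (int i = 0; i < 2; i++)
        if (!in_use[i]) { in_use[i] = 1; return arena + i * SLOT; }
    return NULL;
}

static void toy_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - arena) / SLOT;
    if (zero_on_free) memset(arena + i * SLOT, 0, SLOT);  /* scrub only when enabled */
    in_use[i] = 0;
}

/* Echo `claimed` bytes of a request that really holds `actual` bytes. */
static size_t echo(const unsigned char *req, size_t actual, size_t claimed,
                   int checked, unsigned char *out) {
    if (checked && claimed > actual) return 0;  /* the fix: validate the length */
    memcpy(out, req, claimed);                  /* unchecked: runs into slot 1 */
    return claimed;
}

/* Returns 1 if the constructed key bytes show up in the echoed reply. */
static int leaks(int zero, int live_key, int checked) {
    unsigned char out[2 * SLOT] = {0};
    memset(arena, 0, sizeof arena);
    in_use[0] = in_use[1] = 0;
    zero_on_free = zero;
    unsigned char *req = toy_alloc();           /* slot 0 */
    unsigned char *key = toy_alloc();           /* slot 1, adjacent to the request */
    memcpy(key, "KEY-constructed", 16);
    if (!live_key) toy_free(key);               /* stale case: freed before the read */
    memcpy(req, "hi", 2);
    size_t n = echo(req, 2, 2 * SLOT, checked, out);
    for (size_t i = 0; i + 3 <= n; i++)
        if (memcmp(out + i, "KEY", 3) == 0) return 1;
    return 0;
}

int main(void) {
    printf("stale key, no zeroing, unchecked: %d\n", leaks(0, 0, 0));
    printf("stale key, zeroing,    unchecked: %d\n", leaks(1, 0, 0));
    printf("live key,  zeroing,    unchecked: %d\n", leaks(1, 1, 0));
    printf("live key,  zeroing,    checked:   %d\n", leaks(1, 1, 1));
    return 0;
}
```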