nanog mailing list archives
Re: DNSSEC?
From: Michael Thomas <mike () mtcc com>
Date: Sat, 12 Apr 2014 07:17:16 -0700
On 04/11/2014 10:45 PM, Jimmy Hess wrote:
The vulnerability is related to re-used memory pages within the same process. It also does not help that OpenSSL has its own wrapper around malloc() And instead of using the standard system libraries for memory allocation, apparently uses a high-risk memory allocation policy, that maximizes the exploitability of vulns like the Heartbeat extension issue, and prevents security mitigations from working that would otherwise be effective.....:
Malloc doesn't write over to-be allocated memory, calloc does. Using a wrapper is hardly unusual or controversial -- malloc can be expensive, and keeping lookaside list for, say, commonly used and fixed sized blocks is, or at least used to be, a big performance win.Far from getting rid of evul wrappers, it seems to me that if they were smart with
their wrappers they'd have wrapper routine for anything vaguely associated with wire output that zeros the allocated memory. Mike
Current thread:
- Re: DNSSEC?, (continued)
- Re: DNSSEC? Christopher Morrow (Apr 11)
- Re: DNSSEC? Bill Woodcock (Apr 11)
- Re: DNSSEC? Chris Adams (Apr 11)
- Re: DNSSEC? Carsten Bormann (Apr 11)
- Re: DNSSEC? Matt Palmer (Apr 11)
- Re: DNSSEC? Robert Drake (Apr 11)
- Re: DNSSEC? Mark Andrews (Apr 11)
- Re: DNSSEC? Jimmy Hess (Apr 11)
- Re: DNSSEC? Mark Andrews (Apr 11)
- Re: DNSSEC? shawn wilson (Apr 12)
- Re: DNSSEC? Michael Thomas (Apr 12)
- Re: DNSSEC? Jimmy Hess (Apr 12)
- Re: DNSSEC? Michael Thomas (Apr 12)
- Re: DNSSEC? Carsten Bormann (Apr 11)