DNSSEC?

• Previous message (by thread): DNSSEC?
• Next message (by thread): DNSSEC?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 04/11/2014 10:45 PM, Jimmy Hess wrote:
>
> The vulnerability is related to re-used memory pages within the same process.
> It also does not help that OpenSSL  has its own wrapper around malloc()
>
> And instead of using the standard system libraries for memory
> allocation, apparently uses a high-risk memory allocation policy,
> that maximizes the exploitability of vulns like the Heartbeat
> extension issue,   and prevents  security mitigations from working
> that would otherwise be effective.....:
>
>

Malloc doesn't write over to-be allocated memory, calloc does. Using a
wrapper is hardly unusual or controversial -- malloc can be expensive, and
keeping lookaside list for, say, commonly used and fixed sized blocks is, or
at least used to be, a big performance win.

Far from getting rid of evul wrappers, it seems to me that if they were 
smart with
their wrappers they'd have wrapper routine for anything vaguely associated
with wire output that zeros the allocated memory.

Mike

• Previous message (by thread): DNSSEC?
• Next message (by thread): DNSSEC?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]