DNSSEC?
Michael Thomas
mike at mtcc.com
Sat Apr 12 14:17:16 UTC 2014
On 04/11/2014 10:45 PM, Jimmy Hess wrote:
>
> The vulnerability is related to re-used memory pages within the same process.
> It also does not help that OpenSSL has its own wrapper around malloc()
>
> And instead of using the standard system libraries for memory
> allocation, apparently uses a high-risk memory allocation policy,
> that maximizes the exploitability of vulns like the Heartbeat
> extension issue, and prevents security mitigations from working
> that would otherwise be effective.....:
>
>
Malloc doesn't write over to-be allocated memory, calloc does. Using a
wrapper is hardly unusual or controversial -- malloc can be expensive, and
keeping lookaside list for, say, commonly used and fixed sized blocks is, or
at least used to be, a big performance win.
Far from getting rid of evul wrappers, it seems to me that if they were
smart with
their wrappers they'd have wrapper routine for anything vaguely associated
with wire output that zeros the allocated memory.
Mike
More information about the NANOG
mailing list