[Cryptography] Heartbleed and malloc
Salz, Rich
rsalz at akamai.com
Fri May 9 11:12:53 EDT 2014
> It looks like the Heartbeat extension did not use the free-list tools
Are you talking about the REUSE_BUFFER stuff? Yes, that's really only used for standard application traffic (SSL_read, SSL_write).
> but from what I can determine, as long as debug modes are off, OPENSSL_malloc gets redefined in a series of steps to be the operating system malloc.
Yes. It is also possible to do run-time redirection (see the CRYPTO_set_*_mem_functions) but they are tricky and undocumented.
> if our reading is correct, Theo's critique may have been too harsh.
Imagine that.
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz at jabber.me; Twitter: RichSalz