[Cryptography] Heartbleed and malloc
Dmitry Belyavsky
beldmit at gmail.com
Sun May 11 03:56:06 EDT 2014
Hello Viktor,
On Fri, May 9, 2014 at 7:31 PM, Viktor Dukhovni
<cryptography at dukhovni.org>wrote:
>
> Done, but the OpenBSD critique did have a point, in that OpenSSL
> maintained its own memory pool for some allocations that bypassed
> malloc/free, and therefore was not covered by any security options
> in malloc() and free(). Disabling that pool and always using
> malloc()/free(), uncovered a use after free bug.
>
OpenSSL memory management also allows to debug memory leaks. And it seem to
be an advantage of its memory-managing functions.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140511/a95d0cb3/attachment.html>
More information about the cryptography
mailing list