misc/124410: malloc exposes previously free'd memory
Garrett Cooper
yanefbsd at gmail.com
Mon Jun 9 09:42:42 UTC 2008
On Mon, Jun 9, 2008 at 2:40 AM, <rene.schickbauer at magnapowertrain.com> wrote:
> The following reply was made to PR misc/124410; it has been noted by GNATS.
>
> From: rene.schickbauer at magnapowertrain.com
> To: bug-followup at FreeBSD.org, rene.schickbauer at magnapowertrain.com
> Cc:
> Subject: Re: misc/124410: malloc exposes previously free'd memory
> Date: Mon, 9 Jun 2008 11:08:13 +0200
>
> I forgot to mention:
>
> Yes, I know, there is an option for malloc() to automatically initialize
> memory to "0".
>
> But this doesn't look like it's enough:
>
> For one thing, it looks like the user may override the global setting (is
> unsetting an option possible?). According to the man page, the memset() (if
> the option is set) is done in malloc() instead of directly in the kernel, and
> realloc() and reallocf() are not covered at all.
>
> Also, free()ing memory should wipe it for security reasons, for example it
> may help against the "RAM freezing hacks", in cases where the application
> has already free()'d but not malloc()'d security relevant data; see also
> <http://www.hackaday.com/2008/02/21/breaking-disk-encryption-with-ram-dumps/>
Rene,
Could you provide more info, such as CFLAGS used, CPUTYPE, and gcc
--version please?
Thanks,
-Garrett
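
The application-side approach the quoted report argues for (zero on allocation, cover the realloc path, wipe before free), as an added example that is not part of the original thread and not FreeBSD's malloc code. The names `secure_wipe`, `secure_alloc`, `secure_size`, `secure_free` and `secure_realloc` are hypothetical wrappers chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrappers (not FreeBSD APIs). A header in front of each block
 * records the payload size; the union keeps the payload suitably aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;

/* Zero through a volatile pointer so the stores are not removed as dead
 * writes to memory that is about to be freed. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Allocate n bytes, zeroed regardless of any malloc() option. */
void *secure_alloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;   /* size overflow */
    hdr_t *h = calloc(1, sizeof(hdr_t) + n);
    if (h == NULL) return NULL;
    h->size = n;
    return h + 1;
}

size_t secure_size(const void *p) { return ((const hdr_t *)p - 1)->size; }

/* Wipe header and payload, then release the block. */
void secure_free(void *p)
{
    if (p == NULL) return;
    hdr_t *h = (hdr_t *)p - 1;
    secure_wipe(h, sizeof(hdr_t) + h->size);
    free(h);
}

/* Resize by allocate, copy, wipe-and-free: plain realloc() may move the
 * data and leave the old copy behind. Grown space is zeroed. */
void *secure_realloc(void *p, size_t n)
{
    if (p == NULL) return secure_alloc(n);
    void *q = secure_alloc(n);
    if (q == NULL) return NULL;              /* old block stays valid */
    size_t old = secure_size(p);
    memcpy(q, p, old < n ? old : n);
    secure_free(p);
    return q;
}
```

Where the platform provides `explicit_bzero()`, it can replace the volatile loop in `secure_wipe`.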