Date: Mon, 21 Apr 2014 03:10:22 +0100 From: Jamie Landeg-Jones <jamie@dyslexicfish.net> To: na@rtfm.net, jamie@dyslexicfish.net Cc: hcoin@quietfountain.com, freebsd-security@freebsd.org Subject: Re: De Raadt + FBSD + OpenSSH + hole? Message-ID: <201404210210.s3L2AMwO019892@catnip.dyslexicfish.net> In-Reply-To: <CADgEyUt1_BiTQhvjzS0%2Bot0hUVNSUMXM8qXki%2B6dZio%2BgWfZgg@mail.gmail.com> References: <534B11F0.9040400@paladin.bulgarpress.com> <201404141207.s3EC7IvT085450@chronos.org.uk> <201404141232.s3ECWFQ1081178@catnip.dyslexicfish.net> <53522186.9030207@FreeBSD.org> <201404200548.s3K5mV7N055244@catnip.dyslexicfish.net> <53540307.1070708@quietfountain.com> <201404201831.s3KIVCSY054778@catnip.dyslexicfish.net> <CADgEyUt1_BiTQhvjzS0%2Bot0hUVNSUMXM8qXki%2B6dZio%2BgWfZgg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Nathan Dorfman <na@rtfm.net> wrote: > free() doesn't usually "free memory back to the system." It just puts > it back onto a "free list" managed by libc, entirely within the > process's address space. > > "Use after free" is actually a rather common type of bug -- do a web > search on that term to see just how often it comes up. Ahhh, so (simplifying it here somewhat), malloc/free don't always affect the kernels own representation of the processes memory allocation, as part of libc behaves a bit like a cache - buffering and managing requests in userspace, so as to make things run more efficiently. Thanks for the reply - my question wasn't quite as stupid as I feared! Cheers, Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201404210210.s3L2AMwO019892>