From owner-freebsd-bugs@FreeBSD.ORG Mon Jun 9 09:42:42 2008
From: "Garrett Cooper"
To: rene.schickbauer@magnapowertrain.com
Date: Mon, 9 Jun 2008 02:42:40 -0700
Cc: freebsd-bugs@freebsd.org
Subject: Re: misc/124410: malloc exposes previously free'd memory

On Mon, Jun 9, 2008 at 2:40 AM, wrote:
> The following reply was made to PR misc/124410; it has been noted by GNATS.
>
> From: rene.schickbauer@magnapowertrain.com
> To: bug-followup@FreeBSD.org, rene.schickbauer@magnapowertrain.com
> Cc:
> Subject: Re: misc/124410: malloc exposes previously free'd memory
> Date: Mon, 9 Jun 2008 11:08:13 +0200
>
> I forgot to mention:
>
> Yes, I know, there is an option for malloc() to automatically initialize
> memory to "0".
>
> But this doesn't look like it's enough:
>
> For one thing, it looks like the user may override global setting (is
> unsetting an option possible?). According to the man-page, the memset() (if
> option is set) is done in malloc() instead of directly in the kernel, and
> realloc() and reallocf() are not covered at all.
>
> Also, free()ing memory should wipe it for security reasons, for example it
> may help against the "RAM freezing hacks", in cases where the application
> has already free()'d but not malloc()'d security relevant data; see also

Rene,
    Could you provide more info, such as CFLAGS used, CPUTYPE, and gcc --version please?
Thanks,
-Garrett
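
An application-level way to get the behaviour the quoted follow-up asks for (zeroed allocations, a wiped block on free, and a resize path that does not leave the old block behind), added here as an example; it is not part of the thread and not FreeBSD libc code. The names wipe_malloc, wipe_free, wipe_realloc, wipe_size and secure_wipe are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper (not a libc API): a size header in front of each block,
   padded to max_align_t so the payload keeps malloc's alignment. */
typedef union { size_t size; max_align_t align; } wipe_hdr;

/* Store zeros through a volatile pointer so the compiler cannot drop the
   writes as dead stores just because the buffer is about to be freed. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Always returns zeroed memory, independent of any malloc option setting. */
void *wipe_malloc(size_t n) {
    if (n > SIZE_MAX - sizeof(wipe_hdr)) return NULL;   /* size overflow */
    wipe_hdr *h = calloc(1, sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    return h + 1;
}

/* Wipe the payload before the block goes back to the allocator. */
void wipe_free(void *p) {
    if (!p) return;
    wipe_hdr *h = (wipe_hdr *)p - 1;
    secure_wipe(p, h->size);
    free(h);
}

/* Resize without realloc(): copy into a fresh zeroed block, then wipe and
   free the old one, so neither the old block nor the new tail holds stale data. */
void *wipe_realloc(void *p, size_t n) {
    if (!p) return wipe_malloc(n);
    wipe_hdr *h = (wipe_hdr *)p - 1;
    void *q = wipe_malloc(n);
    if (!q) return NULL;               /* old block stays valid, as with realloc() */
    memcpy(q, p, h->size < n ? h->size : n);
    wipe_free(p);
    return q;
}

/* Payload size recorded at allocation time. */
size_t wipe_size(const void *p) { return ((const wipe_hdr *)p - 1)->size; }
```

This covers only the heap blocks the program allocates through the wrapper; it does not change what the allocator or the kernel does with any other memory.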