httpd-dev mailing list archives

From Graham Leggett <minf...@sharp.fm>
Subject Re: rational behind not checking the return value of apr_palloc and apr_pcalloc
Date Fri, 03 Sep 2010 14:06:31 GMT
On 03 Sep 2010, at 3:58 PM, HyperHacker wrote:

> "first the attacker has to find a way to reduce system memory to an
> almost oom condition"
> Say, by attacking several httpd threads and/or unrelated processes to
> get them to eat up memory.

At which point the child processes are terminated, and httpd spawns  
new children to replace them.

If an attacker has a way to trigger an OOM condition, that is a  
separate problem completely unrelated to the behavior of apr_pcalloc().

Regards,
Graham
--

