httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: half-OT: heartbleed CVE-2014-0160
Date Wed, 09 Apr 2014 12:19:33 GMT
On 09 Apr 2014, at 2:14 PM, Roman Drahtmueller <draht@suse.de> wrote:

> There have been some zero-before-free changes in mozilla-nss recently.
> It may be time to have object reuse issues in mind for both core and at 
> least the auth* modules.

The following function was added to apr-util to do that:

/**
 * @brief Register a cleanup to zero out the buffer provided
 * when the pool is cleaned up.
 *
 * @param pool - pool to register the cleanup
 * @param buffer - buffer to zero out
 * @param size - size of the buffer to zero out
 */
APU_DECLARE(apr_status_t) apr_crypto_clear(apr_pool_t *pool, void *buffer,
        apr_size_t size);

Regards,
Graham
--


Mime
View raw message