From owner-svn-src-head@FreeBSD.ORG Mon Mar 30 10:18:57 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8A4D510656C8; Mon, 30 Mar 2009 10:18:57 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from mail16.syd.optusnet.com.au (mail16.syd.optusnet.com.au [211.29.132.197]) by mx1.freebsd.org (Postfix) with ESMTP id 73BF68FC17; Mon, 30 Mar 2009 10:18:54 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from server.vk2pj.dyndns.org (c122-106-216-167.belrs3.nsw.optusnet.com.au [122.106.216.167]) by mail16.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n2UAIpPr014572 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 30 Mar 2009 21:18:51 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.3/8.14.3) with ESMTP id n2UAIoAR031844; Mon, 30 Mar 2009 21:18:50 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.3/8.14.3/Submit) id n2UAIoGB031843; Mon, 30 Mar 2009 21:18:50 +1100 (EST) (envelope-from peter) Date: Mon, 30 Mar 2009 21:18:50 +1100 From: user@vk2pj.dyndns.org To: Xin LI Message-ID: <20090330101850.GB31695@server.vk2pj.dyndns.org> References: <200903280400.n2S40kW1083700@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="aT9PWwzfKXlsBJM1" Content-Disposition: inline In-Reply-To: <200903280400.n2S40kW1083700@svn.freebsd.org> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.19 (2009-01-05) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r190482 - in head/lib/libc/db: . btree hash mpool X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Mar 2009 10:18:58 -0000 --aT9PWwzfKXlsBJM1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Xin, On 2009-Mar-28 04:00:46 +0000, Xin LI wrote: >Log: > When allocating memory, zero out them if we don't intend to overwrite th= em > all; before freeing memory, zero out them before we release it as free > heap. This will eliminate some potential information leak issue. Given that db runs with the same privileges as the process using it, I don't see how zeroing memory eliminates any information leak - the process can directly open and read the underlying db file itself. Zeroing on allocation may fix any potential issue with uninitialised structures and prevent the return of garbage in "holes" but that's not an information leak. --=20 Peter Jeremy --aT9PWwzfKXlsBJM1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (FreeBSD) iEYEARECAAYFAknQnIoACgkQ/opHv/APuIdbAwCfe30BopQQQEEDgQpuI9LrlXrD g5IAoJcvWJMubXmy0QGhVeeTSLDoKhXt =/Veu -----END PGP SIGNATURE----- --aT9PWwzfKXlsBJM1--