Michael Van Canneyt wrote:
On Fri, 11 Apr 2014, Mark Morgan Lloyd wrote:
Is my understanding correct that when a string or a dynamic array is
extended it might result in its existing content being released to the
heap?
If so, is it possible to ensure that this is zeroed or randomised
first, without having to do it manually?
Currently not, although such behaviour could easile be introduced as an
option.
Current HeartBleed frenzy getting you (or your bosses) scared ? :)
:-) No, but I don't think enough people are focussing on the real
problem which is that the OpenSSL developers were letting sensitive data
leak to the freelist.
If, when they wrote the code some years ago, they'd been rigorous in
their handling of passwords and private keys then the current bug-
introduced in 2012- would have been far less serious.
--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
