In message <000601c291fc$73eca570$0701a8c0@Michael> on Fri, 22 Nov 2002 15:54:53
+0800, "Michael Lee" <[EMAIL PROTECTED]> said:
mlee> > A fairly recent problem report (PR 343 in our bugs database) proves to
mlee> > be a showstopper. It mentions that 'memset(ptr, 0, n)' may not happen
mlee> > if the compiler is modern and "smart".
mlee>
mlee> Can you elaborate more? I use memset() that way quite often and I am
mlee> interested to know if it implies potential problems in the code I have
mlee> written. Thanks!
Yes, you may have a problem. Although someone explained to me, after
I made my decision to postpone, that this only should happen for
automatic variables (local function variables), when their address is
passed to memset(). I still see it as a problem, since the data then
potentially sticks around for a longer time, and is therefore
retrievable for anyone who cracked root if that would happen.
--
Richard Levitte \ Spannv�gen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
