On 1/15/09, Jaakko Heinonen wrote:
>
> Hi,
>
> FreeBSD libc Berkeley DB can leak sensitive information to database
> files. The problem is that it writes uninitialized memory obtained from
> malloc(3) to database files.
>
> You can use this simple test program to reproduce the behavior:
>
> http:/
On Thu, Jan 15, 2009 at 05:21:42PM +0100, Arnar Mar Sig wrote:
> Would it not be better to remove the PURITY define altogether and always
> have the memset()'s there or changing the malloc()s to calloc() if there is
> no special reason for the 0xFF in memset.
>
> Can anyone say they would rath
Would it not be better to remove the PURITY define altogether and
always have the memset()'s there or changing the malloc()s to calloc()
if there is no special reason for the 0xFF in memset.
Can anyone say they would rather have the possibility of sensitive
information leak from every app
Hi,
FreeBSD libc Berkeley DB can leak sensitive information to database
files. The problem is that it writes uninitialized memory obtained from
malloc(3) to database files.
You can use this simple test program to reproduce the behavior:
http://www.saunalahti.fi/~jh3/dbtest.c
Run the program an