I think it would be unlikely because the httpd configuration data would be read into memory early on the heap (and in a very low volatile area where that memory wouldn't often be freed up), whereas the heartbeat would be much later in the heap, and thus the buffer overflow would very unlikely effect it.
You might get a more definitive answer CCing the developer distro...since this really isn't a simple "configuration and support" question....but they might just ignore the non-dev question. If you get the answer off list, please update =) S On Sat, Apr 12, 2014 at 1:55 PM, mi2 co2 <techline1...@hotmail.com> wrote: > Hi - I have a question regarding heartbleed and httpd configuration data > leakage. > > Should someone have been exploting this bug, would it be possible that httpd > configuration data, derived via httpd confg files and in apache's memory, > could have been leaked out through these openssl malloc calls? Or is the > memory space those malloc calls for the openssl encryption/decryption layer > isolated from the memory where httpd configuration would be stored? > > thanks --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
