Re: [Evolution-hackers] Small patch (security related) for the camel pop3 provider
- From: Not Zed <notzed ximian com>
- To: Philip Van Hoof <spamfrommailing freax org>
- Cc: evolution-hackers ximian com
- Subject: Re: [Evolution-hackers] Small patch (security related) for the camel pop3 provider
- Date: 31 Jul 2003 17:28:07 -0400

Well it would only be a problem if the memory was later used for an i/o
buffer and some of it got out. But an i/o buffer using uninitialised
memory I'd consider a pretty big bug/potential security issue anyway.
I guess it wouldn't really hurt anyway ... I guess we'd put any such
patch in.

On Thu, 2003-07-31 at 13:50, Philip Van Hoof wrote:
> Hi there,
>
> While reading the camel-pop3 provider to learn about it and use it for
> the SIEVE protocol that I am planning to do, I noticed a tiny little
> issue.
>
> The memory where the password of the user was stored only gets freed,
> not memset()'d.
>
> I am not sure what most operating systems do but I don't think that they
> reset the memory of a freed area, meaning that the password is left
> unprotected in the memory. Someone once told me that you must memset it
> before freeing.
>
> Well, I am not sure.. perhaps this little patch is totally 'not' what
> you should do. If it is, then I guess it needs to be fixed in most camel
> providers that use authentication.
>
>
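
The cleanup discussed in this thread (overwrite the password, then free it), as an added C example that is not the patch from the thread and not Camel's code; `secure_wipe`, `all_zero` and `wipe_and_free` are hypothetical helper names and the password is a constructed sample. It writes through a volatile pointer because a plain `memset()` immediately before `free()` is a dead store that an optimising compiler is allowed to remove.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Zero n bytes through a volatile pointer so the stores cannot be
 * discarded as dead writes ahead of free(). */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if all n bytes at p are zero, 0 otherwise. */
int all_zero(const void *p, size_t n)
{
    const unsigned char *b = p;
    while (n--)
        if (*b++ != 0)
            return 0;
    return 1;
}

/* Wipe a heap string up to its terminator, free it, and clear the
 * caller's pointer so it cannot be reused or freed twice. */
void wipe_and_free(char **sp)
{
    if (sp == NULL || *sp == NULL)
        return;
    secure_wipe(*sp, strlen(*sp));
    free(*sp);
    *sp = NULL;
}

int main(void)
{
    char on_stack[] = "constructed-password";   /* constructed sample */
    char *on_heap = malloc(sizeof on_stack);
    if (on_heap == NULL)
        return 1;
    memcpy(on_heap, on_stack, sizeof on_stack);

    wipe_and_free(&on_heap);                    /* heap copy: wiped, freed */
    secure_wipe(on_stack, sizeof on_stack);     /* stack copy: wiped in place */
    return (on_heap == NULL && all_zero(on_stack, sizeof on_stack)) ? 0 : 1;
}
```

`wipe_and_free` only clears up to the string terminator, so a buffer that once held a longer secret needs `secure_wipe` called with its full allocated size.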