Re: [exim-dev] STARTTLS belt & braces

Top Page
Delete this message
Reply to this message
Author: Nigel Metheringham
Date:  
To: Phil Pennock
CC: Exim-dev@exim.org
Subject: Re: [exim-dev] STARTTLS belt & braces

On 24 Mar 2011, at 07:06, Phil Pennock <exim-dev@???> wrote:

>
> Should we also just memset() the plaintext buffer to fill it with \0
> content at the point that TLS is started, always? After all, even
> without a data-past-TLS, a pipelined NOOP command with attack-code as
> its parameter, immediately followed by STARTTLS as the terminal of the
> pipeline would also leave shellcode in an available buffer. Fortunately
> the input buffer is malloc()d, so not fixed in location; however, with
> many systems using OS distribution configs, the memory allocations might
> be semi-predictable, leaving a common set of candidate locations


It's probably worth doing since it's easy and cheap

Nigel


[Sent from a mobile device - apologies for brevity and spelling]