著者: Nigel Metheringham 日付: To: Phil Pennock CC: Exim-dev@exim.org 題目: Re: [exim-dev] STARTTLS belt & braces
On 24 Mar 2011, at 07:06, Phil Pennock <exim-dev@???> wrote:
>
> Should we also just memset() the plaintext buffer to fill it with \0
> content at the point that TLS is started, always? After all, even
> without a data-past-TLS, a pipelined NOOP command with attack-code as
> its parameter, immediately followed by STARTTLS as the terminal of the
> pipeline would also leave shellcode in an available buffer. Fortunately
> the input buffer is malloc()d, so not fixed in location; however, with
> many systems using OS distribution configs, the memory allocations might
> be semi-predictable, leaving a common set of candidate locations
It's probably worth doing since it's easy and cheap
Nigel
[Sent from a mobile device - apologies for brevity and spelling]