Re: libcurl leaks information in freed memory
Date: Mon, 22 Oct 2018 12:51:01 +0200
On 10/22/18 12:05 PM, Petr Pisar via curl-library wrote:
> Actually would be possible to allow an application to supply an
> allocator and deallocator callbacks to libcurl via an option? This way
> the application could control the sensitive data storage. E.g. by
> allocating a memory from core-locked (non-swappable) region. It could
> also scrub the data from the memory instead of libcurl. The callback
> could also be used by underlying crypto library for storing session keys
> etc. In other words the application would become responsible for the
> safety measures. libcurl would only use the callbacks instead of a
> native allocator (if provided).
Sure. I don't know why I forgot about that option. I like that way and
think that's the way to go.
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature