Title | No easy way to automatically clear freed memory |
Status | open |
Priority | nice |
Assigned user | Gareth Rees |
Organization | Ravenbrook |
Description | It is sometimes a security requirement that freed data not be visible via freshly allocated memory. The Heartbleed bug [1] happened because OPENSSL_malloc returned a pointer to a buffer that contained previously used (and freed) data. The MPS has the capability to clear freed memory, but the capability is hidden away in the "debugging" pool classes (and not all pool classes have debugging counterparts anyway). |
Analysis | Add capability for clearing freed memory. Perhaps a new keyword argument to arena_create? |
How found | inspection |
Evidence | [1] <http://heartbleed.com/> |
Created by | Gareth Rees |
Created on | 2014-04-14 13:11:29 |
Last modified by | Gareth Rees |
Last modified on | 2014-04-17 12:56:54 |
History | 2014-04-14 GDR Created. |
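
The requirement in the Description, as an added example (not MPS code and not part of this issue): a hypothetical fixed-size block pool with a creation-time `clear_on_free` option, in the spirit of the keyword argument suggested in the Analysis. The names `pool_t`, `pool_init`, `pool_alloc`, `pool_free` and `stale_bytes_after_reuse`, and the sample secret, are all constructed for this illustration.

```c
#include <stddef.h>
#include <string.h>
#define BLOCK_SIZE 64
#define BLOCK_COUNT 4
/* Hypothetical fixed-size block pool (assumed names; not the MPS API). */
typedef struct {
    unsigned char blocks[BLOCK_COUNT][BLOCK_SIZE];
    void *free_list;    /* LIFO list linked through the first bytes of free blocks */
    int clear_on_free;  /* creation-time option */
} pool_t;

void pool_init(pool_t *p, int clear_on_free) {
    p->free_list = NULL;
    p->clear_on_free = clear_on_free;
    for (int i = BLOCK_COUNT - 1; i >= 0; i--) {
        memcpy(p->blocks[i], &p->free_list, sizeof p->free_list);
        p->free_list = p->blocks[i];
    }
}

void *pool_alloc(pool_t *p) {   /* block contents are not initialised, like malloc */
    void *b = p->free_list;
    if (b != NULL) memcpy(&p->free_list, b, sizeof p->free_list);
    return b;
}

void pool_free(pool_t *p, void *b) {
    if (p->clear_on_free) {     /* volatile stores are not dropped as dead writes */
        volatile unsigned char *v = b;
        for (size_t i = 0; i < BLOCK_SIZE; i++) v[i] = 0;
    }
    memcpy(b, &p->free_list, sizeof p->free_list);  /* link overwrites first bytes only */
    p->free_list = b;
}

/* Count bytes of a constructed secret still readable in the next allocation. */
size_t stale_bytes_after_reuse(int clear_on_free) {
    static const char secret[] = "constructed-sample-private-key-material";
    pool_t p;
    pool_init(&p, clear_on_free);
    unsigned char *a = pool_alloc(&p);
    memcpy(a, secret, sizeof secret);
    pool_free(&p, a);
    unsigned char *b = pool_alloc(&p);  /* LIFO reuse: same block as a */
    size_t n = 0;
    for (size_t i = sizeof(void *); i < sizeof secret - 1; i++)
        n += (b[i] == (unsigned char)secret[i]);
    return n;
}
```

Without the option, every secret byte past the free-list link survives into the next allocation; with it, none do.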