[openssl-users] Initialising OpenSSL more than once - how do we handle this?
martygalyean at gmail.com
Mon Jul 30 18:08:08 UTC 2018
On 07/30/2018 01:27 PM, Salz, Rich via openssl-users wrote:
> > I never thought I'd see the day that someone would have to defend
> not leaking memory in pivotal security code like openssl however
> To be accurate, it was a couple of people saying that memory leaks *on
> process exit* aren’t be a big deal.
Fair enough, but it is my understanding that some RTOSes do not
necessarily dealloc all memory alloc'd by a proc on proc exit. So why
not just have a rule "don't litter" instead of having complicated rules
of when it is "probably ok to litter"? Exploits nearly always leverage
something programmers didn't anticipate or happens in a layer they are
relying on but not directly coding so it seems fairly clear that the
best path is to reduce those unknowns by explicitly cleaning up. Taking
the time to track down a memory leak rarely results in merely fixing a
memory leak; usually another programming misstep is also found in
conjunction with the leak. Just my $0.02
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users