On Thu, Apr 10, 2014 at 7:49 PM, Carlos Alberto Lopez Perez <[email protected]> wrote: > ""OpenSSL has exploit mitigation countermeasures to make sure its > exploitable"" http://article.gmane.org/gmane.os.openbsd.misc/211963 > > Leaving aside the personal (and questionable) opinions from Theo about > OpenSSL developers, I think he is right about that this malloc wrapper > looks quite bad. > > Probably without it the heartbleed bug won't have caused so much havoc, > or would have been detected earlier by some debugger. > > What's the stance of openssl developers on this? Will you get rid of > this wrapper?
Or maybe, make it optional, and allow 2 different builds i.e one with the in-built malloc for performance, and the other one that allows a package maintainer to use the system's malloc. > > > Regards! > -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
