On 07/30/2018 01:27 PM, Salz, Rich via openssl-users wrote:
> I never thought I'd see the day that someone would have to defend
not leaking memory in pivotal security code like openssl however
To be accurate, it was a couple of people saying that memory leaks *on
process exit* aren’t be a big deal.
Fair enough, but it is my understanding that some RTOSes do not
necessarily dealloc all memory alloc'd by a proc on proc exit. So why
not just have a rule "don't litter" instead of having complicated rules
of when it is "probably ok to litter"? Exploits nearly always leverage
something programmers didn't anticipate or happens in a layer they are
relying on but not directly coding so it seems fairly clear that the
best path is to reduce those unknowns by explicitly cleaning up. Taking
the time to track down a memory leak rarely results in merely fixing a
memory leak; usually another programming misstep is also found in
conjunction with the leak. Just my $0.02
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
