Re: libcurl leaks information in freed memory

From: Daniel Gustafsson via curl-library <>
Date: Fri, 19 Oct 2018 14:19:46 +0200

> On 19 Oct 2018, at 10:55, Gabriel Zachmann via curl-library <> wrote:
> On 19.10.18 08:58, Gabriel Zachmann via curl-library wrote:
>> get the length. But yes, if all allocated memory should be freed, we have to keep track of the size. A simple way to do so is using a custom allocator that allocates more memory than requested and saves the size in the memory before the pointer it returns.
> I attached some code that should be capable of doing so.

Even with this approach, this is shrinking the window rather than eliminating
it, as pointed out by Colin Percival in the linked article upthread.

Since this is an attack which requires local privilege escalation to work,
aren’t we fighting an uphill battle as a rogue root can just as well set a
breakpoint in your process and steal credentials before memory is cleared?

Now, I’m not saying that we shouldn’t do what we can to scrub memory in some
cases, we probably should. But, we need to start by identifying which cases
are important, why they are important and to which end we are doing it.

cheers ./daniel
Received on 2018-10-19
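
The size-prefixed allocator described in the quoted message could look like the sketch below. This is an added example, not the code attached to the thread and not libcurl code; the `scrub_*` names are hypothetical. As the reply notes, it only shrinks the window in which secrets sit in freed heap memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Size header in front of each block; the union keeps alignment. */
typedef union { size_t size; max_align_t align; } scrub_hdr;

/* Volatile stores so the wipe is not optimised away before free(). */
void scrub_wipe(void *p, size_t n)
{
  volatile unsigned char *v = p;
  while(n--) *v++ = 0;
}

void *scrub_malloc(size_t n)
{
  scrub_hdr *h = NULL;
  if(n <= SIZE_MAX - sizeof(*h))   /* header + payload must not wrap */
    h = malloc(sizeof(*h) + n);
  if(h)
    h->size = n;
  return h ? h + 1 : NULL;         /* caller gets memory after header */
}

size_t scrub_size(const void *p)
{
  return p ? ((const scrub_hdr *)p - 1)->size : 0;
}

void scrub_free(void *p)
{
  if(!p)
    return;
  scrub_hdr *h = (scrub_hdr *)p - 1;
  scrub_wipe(h, sizeof(*h) + h->size);   /* payload and size header */
  free(h);
}

/* realloc() may move a block and leave the old copy unscrubbed. */
void *scrub_realloc(void *p, size_t n)
{
  void *q = scrub_malloc(n);
  if(!q)
    return NULL;                   /* old block stays valid */
  if(p)
    memcpy(q, p, scrub_size(p) < n ? scrub_size(p) : n);
  scrub_free(p);
  return q;
}
```

Stack buffers, copies made by other libraries and blocks freed through plain `free()` are not covered by this wrapper.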