curl / Mailing Lists / curl-library / Single Mail


Re: libcurl leaks information in freed memory

From: Gabriel Zachmann via curl-library <>
Date: Mon, 22 Oct 2018 12:51:01 +0200

On 10/22/18 12:05 PM, Petr Pisar via curl-library wrote:

> Actually would be possible to allow an application to supply an
> allocator and deallocator callbacks to libcurl via an option? This way
> the application could control the sensitive data storage. E.g. by
> allocating a memory from core-locked (non-swappable) region. It could
> also scrub the data from the memory instead of libcurl. The callback
> could also be used by underlying crypto library for storing session keys
> etc. In other words the application would become responsible for the
> safety measures. libcurl would only use the callbacks instead of a
> native allocator (if provided).

Sure. I don't know why I forgot about that option. I like that way and
think that's the way to go.



Received on 2018-10-22