On Thu, Apr 10, 2014 at 12:46:23PM -0400, Salz, Rich wrote: > We've been compiling -DOPENSSL_NO_BUF_FREELISTS forever. Our only complaint > is that the BUF is misspelled :) > > Theo can be obnoxious. This should not be news to most folks.
Read what Ted wrote. There's is a use after free if you -DOPENSSL_NO_BUF_FREELISTS It would have been spotted by OpenBSD's malloc. http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse -Otto ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org