Well it would only be a problem if the memory was later used for an i/o buffer and some of it got out. But an i/o buffer using uninitialised memory i'd consider a pretty big bug/potential security issue anyway.
I guess it wouldn't really hurt anyway ... I guess we'd put any such patch in. On Thu, 2003-07-31 at 13:50, Philip Van Hoof wrote: > Hi there, > > While reading the camel-pop3 provider to learn about it and use it for > the SIEVE protocol that I am planning to do, I noticed a tiny little > issue. > > The memory where the password of the user was stored only gets free't, > not memset()'t. > > I am not sure what most operating systems do but I don't think that they > reset the memory of a free't area, meaning that the password is left > unprotected in the memory. One once told me that you must memset it > before free-ing. > > Well, I am not sure.. perhaps this little patch is totally 'not' what > you should do. If it is, then I guess it needs to be fixed in most camel > providers that use authentication. > > _______________________________________________ evolution-hackers maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution-hackers
