On 24 Mar 2011, at 07:06, Phil Pennock <[email protected]> wrote:
> > Should we also just memset() the plaintext buffer to fill it with \0 > content at the point that TLS is started, always? After all, even > without a data-past-TLS, a pipelined NOOP command with attack-code as > its parameter, immediately followed by STARTTLS as the terminal of the > pipeline would also leave shellcode in an available buffer. Fortunately > the input buffer is malloc()d, so not fixed in location; however, with > many systems using OS distribution configs, the memory allocations might > be semi-predictable, leaving a common set of candidate locations It's probably worth doing since it's easy and cheap Nigel [Sent from a mobile device - apologies for brevity and spelling] -- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
