[dovecot-cvs] dovecot/doc securecoding.txt,1.2,1.3
cras at dovecot.org
cras at dovecot.org
Sun Jan 22 21:59:24 EET 2006
Update of /var/lib/cvs/dovecot/doc
In directory talvi:/tmp/cvs-serv27147
Modified Files:
securecoding.txt
Log Message:
Added something about setting freed pointers to NULL.
Index: securecoding.txt
===================================================================
RCS file: /var/lib/cvs/dovecot/doc/securecoding.txt,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- securecoding.txt 14 Jan 2006 15:14:38 -0000 1.2
+++ securecoding.txt 22 Jan 2006 19:59:21 -0000 1.3
@@ -86,6 +86,15 @@
See lib/mempool.h
+Deinitialize safely
+-------------------
+
+Whenever you free a pointer, set it to NULL. That way if you accidentally
+try to free it again, it's less likely to cause a security hole. Dovecot
+does this automatically with most of its free() calls, but you should also
+make it a habit of making all your _destroy() functions take a
+pointer-to-pointer parameter which you set to NULL.
+
Don't Keep Secrets
------------------
More information about the dovecot-cvs
mailing list