[dovecot-cvs] dovecot/src/login-common login-proxy.c, 1.15, 1.16 main.c, 1.44, 1.45 master.c, 1.22, 1.23 ssl-proxy-gnutls.c, 1.14, 1.15 ssl-proxy-openssl.c, 1.53, 1.54
tss at dovecot.org
tss at dovecot.org
Sun Mar 18 04:40:31 EET 2007
Update of /var/lib/cvs/dovecot/src/login-common
In directory talvi:/tmp/cvs-serv12203/login-common
Modified Files:
login-proxy.c main.c master.c ssl-proxy-gnutls.c
ssl-proxy-openssl.c
Log Message:
Set login process's default_pool to system_clean_pool. Changed some
default_pool usages to system_pool directly where the cleaning doesn't
matter.
Index: login-proxy.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/login-proxy.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -d -r1.15 -r1.16
--- login-proxy.c 21 Jan 2007 10:35:23 -0000 1.15
+++ login-proxy.c 18 Mar 2007 02:40:28 -0000 1.16
@@ -268,7 +268,7 @@
proxy->context = NULL;
if (login_proxies == NULL) {
- login_proxies = hash_create(default_pool, default_pool,
+ login_proxies = hash_create(system_pool, system_pool,
0, NULL, NULL);
}
hash_insert(login_proxies, proxy, proxy);
Index: main.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/main.c,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -d -r1.44 -r1.45
--- main.c 18 Mar 2007 02:01:01 -0000 1.44
+++ main.c 18 Mar 2007 02:40:28 -0000 1.45
@@ -365,6 +365,12 @@
if (!is_inetd && getenv("GDB") == NULL)
fd_debug_verify_leaks(4, 1024);
#endif
+ /* clear all allocated memory before freeing it. this makes the login
+ processes pretty safe to reuse for new connections since the
+ attacker won't be able to find anything interesting from the
+ memory. */
+ default_pool = system_clean_pool;
+
/* NOTE: we start rooted, so keep the code minimal until
restrict_access_by_env() is called */
lib_init();
Index: master.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/master.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- master.c 15 Mar 2007 16:52:09 -0000 1.22
+++ master.c 18 Mar 2007 02:40:28 -0000 1.23
@@ -255,7 +255,7 @@
main_ref();
master_fd = fd;
- master_requests = hash_create(default_pool, default_pool,
+ master_requests = hash_create(system_pool, system_pool,
0, NULL, NULL);
master_pos = 0;
Index: ssl-proxy-gnutls.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-gnutls.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- ssl-proxy-gnutls.c 15 Dec 2006 18:38:23 -0000 1.14
+++ ssl-proxy-gnutls.c 18 Mar 2007 02:40:28 -0000 1.15
@@ -518,7 +518,7 @@
gnutls_certificate_set_dh_params(x509_cred, dh_params);
gnutls_certificate_set_rsa_export_params(x509_cred, rsa_params);
- ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
+ ssl_proxies = hash_create(system_pool, system_pool, 0, NULL, NULL);
ssl_initialized = TRUE;
}
Index: ssl-proxy-openssl.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -d -r1.53 -r1.54
--- ssl-proxy-openssl.c 15 Mar 2007 16:52:09 -0000 1.53
+++ ssl-proxy-openssl.c 18 Mar 2007 02:40:28 -0000 1.54
@@ -747,7 +747,7 @@
initialized though. */
(void)RAND_bytes(&buf, 1);
- ssl_proxies = hash_create(default_pool, default_pool, 0, NULL, NULL);
+ ssl_proxies = hash_create(system_pool, system_pool, 0, NULL, NULL);
ssl_initialized = TRUE;
}
More information about the dovecot-cvs
mailing list