On Thu, 2021-08-19 at 15:27 -0300, Bruno Meneguele wrote:
> On Thu, Aug 19, 2021 at 09:12:25PM +0300, Vitaly Chikunov wrote:
> > > > @@ -215,7 +236,10 @@ static unsigned char *file2bin(const char *file, const char *ext, int *size) > > > > } > > > > len = stats.st_size; > > > > > > > > - data = malloc(len); > > > > + if (secure) > > > > + data = OPENSSL_secure_malloc(len); > > > > + else > > > > + data = malloc(len);
> > > >
> > > Without being able to apply the patch, it's hard to tell if there
> > > should be a preparatory patch that first replaces malloc() with
> > > OPENSSL_malloc(), and other similar changes.
> >
> > There is no OPENSSL_malloc use and I don't see why it should be.
> >
>
> Keeping the OPENSSL_* calls as a meaning of "secure calls" while keeping
> the standard C library calls for "non-secure" seems indeed cleaner.

Ok thanks,

Mimi
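Review bot: the if (secure) branch in file2bin() makes the returned buffer come from one of two allocators, and nothing in the visible lines tells the caller which release function to pair with it. A pointer from OPENSSL_secure_malloc() has to be released with OPENSSL_secure_free() or OPENSSL_secure_clear_free(), never with free(), so every error path inside file2bin() after this allocation and every caller needs the same secure test on the free side. I would suggest a comment on the function stating that contract, or a small helper that takes the same flag and frees accordingly. It is also worth noting in the commit message that OPENSSL_secure_malloc() falls back to the ordinary OpenSSL heap when the secure heap has not been initialized, so the secure path only gives the intended protection if the secure heap is set up before file2bin() is called. The hunk header still shows the three-argument signature, so where secure comes from is not visible here; if it is a new parameter, the callers passing it should be part of the same patch.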