Re: [users@httpd] heartbleed and httpd configuration

2014-04-12 Thread Steven Siebert
I think it would be unlikely because the httpd configuration data would be read into memory early on the heap (and in a very low volatile area where that memory wouldn't often be freed up), whereas the heartbeat would be much later in the heap, and thus the buffer overflow would very unlikely effec

[users@httpd] heartbleed and httpd configuration

2014-04-12 Thread mi2 co2
Hi - I have a question regarding heartbleed and httpd configuration data leakage. Should someone have been exploiting this bug, would it be possible that httpd configuration data, derived via httpd config files and in apache's memory, could have been leaked out through these openssl malloc calls?

Re: [users@httpd] mod ssl

2014-04-12 Thread John Iliffe
Thanks Didier. I ran ldd and openssl/libssl doesn't show up in either the version of Apache that is running (2.4.3) or the new version 2.4.9. I checked the error log for the last restart as suggested by Katherine Manfre on this list and the running version reports: OpenSSL/1.0.0-FIPS. The