$34,000 - Multiple eSign environments vulnerable to system memory leaks containing secrets and customer data due to public-facing actuator heapdump, env, and trace
I guess it goes to remind you if you are a developer, don't overlook the simple things like not exposing these endpoints in production (literally a line in a config file) or at least making them secured. TInt GetROMSize(TInt /*aDeviceNumber*/, TInt /*aAttrib*/, TBool /*aSet*/, TAny* aInOut)
{
TMemoryInfoV1 info;
TPckg<TMemoryInfoV1> infoPckg(info);
TInt r=UserSvr::HalFunction(EHalGroupKernel, EKernelHalMemoryInfo, (TAny*)&infoPckg, NULL);
if (r==KErrNone)
{
*(TInt*)aInOut=info.iTotalRomInBytes;
}
return r;
}
https://github.com/jayphelps/git-blame-someone-else/graphs/c...