On Tue, Sep 16, 2014 at 9:09 PM, Notes Jonny <jong...@gmail.com> wrote: > Hello > I had a quick look at httpd 2.4.10 (couldn't find on the website how to site > how to checkout the trunk) > > http://httpd.apache.org/docs/trunk/ > > Taking this file as an example: > > httpd-2.4.10/modules/ssl/ssl_engine_init.c > > 1) Doesn't check make_dh_params() "prime" is a non-NULL valid function > pointer. > > 2) DH *modssl_get_dh_params(unsigned keylen). > "keylen" doesn't have a type. better to write "unsigned int keylen" > > 3) ssl_add_version_components() doesn't check "s" and "p" are valid non-NULL > parameters before using them. > > 4) ssl_add_version_components() "modver" "incver" "libver" should probably > be "const char *" > > 5) ssl_init_Module() all pointer params should be checked to be non-NULL, > and an appropriate error apr_status_t returned (something other than > APR_SUCCESS) > > In my view, worth making these changes. You may already be familiar with > ISO/IEC TR 24772 which covers these kind of things. > > Regards, Jonny
Hello Would a patch be supported to add these improvements?