#3831: Crash Bug due to unchecked SSL_CTX_new
-----------------------+----------------------
Reporter: yujokang | Owner: mutt-dev
Type: defect | Status: reopened
Priority: major | Milestone:
Component: crypto | Version: 1.6.0
Resolution: | Keywords:
-----------------------+----------------------
Comment (by code@…):
{{{
Sure... For what it's worth, I was mostly speaking generally about the
class of bug, rather than about this specific bug. That said, the
libraries Mutt uses to provide SSL/TLS are written in C, so presumably
there are some global context structures that could be examined by an
expert, in OpenSSL or GNU TLS, that could potentially reveal something
interesting. I'm not especially familiar with either library so I'm
not sure about that.
My comments were mostly meant to address the issue of whether this
class of bug is worth expending significant effort on, rather than the
merits of this bug specifically. Crashes are not necessarily
inherently bad... This bug was filed as a major defect but it's not
clear to me that that's actually true, and seems likely that it is not.
}}}
--
Ticket URL: <https://dev.mutt.org/trac/ticket/3831#comment:5>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
