Bodo Moeller wrote:
> On Wed, Aug 14, 2002 at 03:39:03PM +0100, Ben Laurie wrote:
>
>> So how did the buffer get to be too small?
>
> Well, in one of the cases it was improper protocol data checking
> (fixed in 0.9.6f). The others should really be impossible, but if
> they ever become possible, this most likely is because of changes to
> OpenSSL that are done without thinking of all the ramifications
> (e.g. new ciphersuites that require larger buffers for certain
> purposes).
>
>> I propose we have a compile-time flag that determines whether
>> impossible conditions are fatal or return errors,
>
> Go ahead, compile-time flags are how we usually handle such things in
> OpenSSL -- e.g. you can define BN_DEBUG to enable certain assertions
> that detect situations where memory is really corrupted.
Good. Now we have to debate what the default setting of the flag is. I propose, naturally, that it should be set to cause death on internal errors.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/
Available for contract work.

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                        [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
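The pattern under discussion in the thread above, as an added illustration that is not OpenSSL's code and not from either poster: a compile-time flag decides whether a "cannot happen" internal condition kills the process or is turned into an error return. The flag name INTERNAL_ERRORS_FATAL, the INTERNAL_CHECK macro, copy_record() and the demo_* helpers are all hypothetical names chosen for this example; the buffer-size check stands in for the kind of invariant (caller already validated the record length against the protocol maximum) that a later change, such as a ciphersuite needing a larger buffer, could silently break. The sample records are constructed inline.

```c
/* Added example (not OpenSSL's code): one macro, two behaviours selected
 * at compile time. Build with -DINTERNAL_ERRORS_FATAL to make internal
 * errors abort(); without it they become error returns. All names here
 * are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* #define INTERNAL_ERRORS_FATAL 1   -- or pass -DINTERNAL_ERRORS_FATAL */

#ifdef INTERNAL_ERRORS_FATAL
/* Fatal variant: log the failed condition with its location and die.
 * 'retval' is accepted so call sites are identical in both builds. */
#define INTERNAL_CHECK(cond, retval)                                   \
    do {                                                               \
        if (!(cond)) {                                                 \
            fprintf(stderr, "%s:%d: internal error: %s\n",             \
                    __FILE__, __LINE__, #cond);                        \
            abort();                                                   \
        }                                                              \
    } while (0)
#else
/* Non-fatal variant: log the failed condition and return an error. */
#define INTERNAL_CHECK(cond, retval)                                   \
    do {                                                               \
        if (!(cond)) {                                                 \
            fprintf(stderr, "%s:%d: internal error: %s\n",             \
                    __FILE__, __LINE__, #cond);                        \
            return (retval);                                           \
        }                                                              \
    } while (0)
#endif

/* Copy a protocol record into a fixed-size buffer. The caller is supposed
 * to have validated the record length against the protocol maximum, so
 * srclen > dstlen "should be impossible"; if it ever happens, the invariant
 * was broken somewhere else, and we refuse to overflow the buffer.
 * Returns the number of bytes copied, or -1 on internal error (or aborts
 * when built with INTERNAL_ERRORS_FATAL). */
int copy_record(unsigned char *dst, size_t dstlen,
                const unsigned char *src, size_t srclen)
{
    INTERNAL_CHECK(dst != NULL && src != NULL, -1);
    INTERNAL_CHECK(srclen <= dstlen, -1);
    memcpy(dst, src, srclen);
    return (int)srclen;
}

/* Constructed sample: an 8-byte record into a 16-byte buffer.
 * Returns the byte count copied, or -2 if the copied bytes are wrong. */
int demo_small_record(void)
{
    unsigned char buf[16];
    const unsigned char rec[8] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H' };
    int n = copy_record(buf, sizeof buf, rec, sizeof rec);
    if (n == 8 && memcmp(buf, rec, 8) != 0)
        return -2;
    return n;
}

/* Constructed sample: a 32-byte record into a 16-byte buffer, i.e. the
 * "impossible" case. Returns -1 in the non-fatal build; aborts otherwise. */
int demo_oversized_record(void)
{
    unsigned char buf[16];
    unsigned char rec[32];
    memset(rec, 0x41, sizeof rec);
    return copy_record(buf, sizeof buf, rec, sizeof rec);
}

/* Constructed sample: NULL destination, another broken-invariant case. */
int demo_null_destination(void)
{
    const unsigned char rec[4] = { 1, 2, 3, 4 };
    return copy_record(NULL, 0, rec, sizeof rec);
}

int main(void)
{
    printf("small record:     %d\n", demo_small_record());
    printf("oversized record: %d\n", demo_oversized_record());
    printf("null destination: %d\n", demo_null_destination());
    return 0;
}
```

Compiled as-is the program reports -1 for the two broken-invariant cases and keeps running; compiled with -DINTERNAL_ERRORS_FATAL it prints the location and condition to stderr and aborts at the first one, which is the "death on internal errors" default proposed above. Either way the overflow itself never happens; the flag only chooses between a loud crash and an error the caller must handle.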