In message <[EMAIL PROTECTED]> on Thu, 07 Aug 2003 11:12:59 +0100, Martin Kochanski
<[EMAIL PROTECTED]> said:
cardbox> Beautiful. Thank you for the quick response.
cardbox>
cardbox> That'll work until MS put a dummy CloseToolhelp32Snapshot
cardbox> call into the main Windows DLLs and then tell you you mustn't
cardbox> call it... [joke, I hope].
I should have said "don't say it" :-).
cardbox> You'd better be consistent between the name of the variable
cardbox> you set (snap_close) and the name of the variable you call
cardbox> (close_snap).
Thanks for seeing that. As you may have seen by now, I fixed that
inconsistency.
cardbox> As for the Windows 2003 Server crash: I agree that disabling
cardbox> sections of code is a Bad Thing. What I've done (pending more
cardbox> people researching the problem) is to put
cardbox> BOOL bMJKGotRandomness=FALSE;
cardbox> at the start of RAND_poll
cardbox> bMJKGotRandomness=TRUE;
cardbox> when either of the CryptGenRandom calls succeeds. Then
cardbox> if (kernel)
cardbox> can become
cardbox> if (!bMJKGotRandomness && kernel)
cardbox>
cardbox> ... which seems a reasonably conservative way round the
cardbox> problem. [The variable name isn't vanity, it's just that I
cardbox> want to be able to recognise my own code so I know what
cardbox> patches to re-apply to later releases of OpenSSL].
OK, I'll look at that later today.
cardbox> For those who are trying to reproduce the bug: I wonder if
cardbox> perhaps MS have decided that ToolHelp is too powerful to be
cardbox> safe and have started requiring that you have some sort of
cardbox> special permissions to access it. This is just a thought in
cardbox> case the bug turns out to be hard to reproduce.
Hmm, again, I think "don't say it..." applies again. The gods may
have a wry sense of humor today, and you may get what you wish for
(regardless of whether you actually do or don't).
*sacrifices a rubber ducky on a VAX altar*
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
