I'm not sure about the correct usage pattern of the stack structures, but I think that this is a bug, found in openssl 0.9.7d, in crypto/stack/stack.c. The function sk_insert does not initialize the newly allocated pointers when it reallocs the data array (lines 146-154).
This behaviour is not consistent with that of sk_new, which initializes the array (lines 128-129).
Client code that relies on the first unused pointer in the stack being null (this is the case as long as the array is not reallocated) will access an invalid pointer.
Can you confirm this problem?


Cheers
Cosmin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
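
The pattern described in the message above, as an added example that is not part of the original post and is not OpenSSL's code: a toy pointer stack (all names hypothetical) whose growth path either leaves the new slots as the allocator returned them or clears them. It assumes a stand-in for realloc that poisons new memory, so the difference is reproducible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy pointer stack; hypothetical names, not OpenSSL's STACK. */
typedef struct { void **data; int num, num_alloc; } toy_stack;

/* realloc() stand-in that poisons new memory with 0xAA so the result is reproducible. */
static void **grow_poisoned(void **old, int old_n, int new_n) {
    void **p = malloc(sizeof(void *) * (size_t)new_n);
    if (p == NULL) return NULL;
    memset(p, 0xAA, sizeof(void *) * (size_t)new_n);
    memcpy(p, old, sizeof(void *) * (size_t)old_n);
    free(old);
    return p;
}

static int toy_init(toy_stack *s, int n) {
    s->num = 0; s->num_alloc = n;
    s->data = malloc(sizeof(void *) * (size_t)n);
    for (int i = 0; s->data && i < n; i++) s->data[i] = NULL; /* initial array is cleared */
    return s->data != NULL;
}

/* Append; zero_new selects whether slots added by growth are cleared. */
static int toy_push(toy_stack *s, void *item, int zero_new) {
    if (s->num + 1 > s->num_alloc) {
        int n = s->num_alloc * 2;
        void **d = grow_poisoned(s->data, s->num_alloc, n);
        if (d == NULL) return 0;
        for (int i = s->num_alloc; zero_new && i < n; i++) d[i] = NULL;
        s->data = d; s->num_alloc = n;
    }
    s->data[s->num++] = item;
    return s->num;
}

/* Push onto a 2-slot stack; 1 if a spare slot exists and data[num] is NULL, -1 on OOM. */
int spare_is_null(int pushes, int zero_new) {
    toy_stack s;
    int ok = toy_init(&s, 2);
    for (int i = 0; ok && i < pushes; i++) ok = toy_push(&s, &s, zero_new); /* any non-NULL item */
    int r = ok ? (s.num < s.num_alloc && s.data[s.num] == NULL) : -1;
    free(s.data);
    return r;
}

int main(void) {
    printf("%d %d %d\n", spare_is_null(1, 0), spare_is_null(3, 0), spare_is_null(3, 1));
}
```

A caller of this toy stack that iterates up to `num` instead of looking for a NULL sentinel gets the same result with either growth behaviour.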
