I'm looking at that code, and I can't quite understand my own logic. Intuitively, I'd say that on line 397, the test of filespec1 should be removed, period, leaving only the test of dso.
Thoughts? Cheers, Richard In message <[EMAIL PROTECTED]> on Wed, 09 Apr 2008 11:44:17 -0400, Brad House <[EMAIL PROTECTED]> said: brad> I'd have to look at the context of what is actually happening brad> here but it looks like by intention, filespec1 should be allowed brad> to be NULL as it can be retrieved from dso, but I see no additional brad> sanity checks for filespec2, most likely, I would assume, the brad> filespec1 reference on line 397 should _actually_ be filespec2, but brad> again, that's just a cursory look (without evaluating how DSO_merge brad> is actually called). brad> brad> -Brad brad> brad> Salivar.William wrote: brad> > That is what I got out of it. What is the process for getting code issues submitted and resolved for OpenSSL? brad> > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Sendroiu Eugen brad> > *Sent:* Wednesday, April 09, 2008 4:41 AM brad> > *To:* [email protected] brad> > *Subject:* Re: Interesting logic in dso_lib.c (libcrypto) brad> > If filespec1 is NULL, it doesn't matter what dso is, it will not pass the first if, so the latter checks for dso and filespec1 are useless. brad> > ================================== brad> > Eugen Sendroiu brad> > Address: str. Horia nr 3, brad> > bl a8, sc 2, ap 7, Craiova brad> > Dolj - 200490, Romania brad> > Home : +40(0)351 401134 brad> > Mobile : +40(0)743 055244 brad> > +40(0)730 006760 brad> > E-mail : [EMAIL PROTECTED] brad> > [EMAIL PROTECTED] brad> > =================================== brad> > ----- Original Message ---- brad> > From: Michael Saladin <[EMAIL PROTECTED]> brad> > To: [email protected] brad> > Sent: Wednesday, April 9, 2008 9:06:14 AM brad> > Subject: RE: Interesting logic in dso_lib.c (libcrypto) brad> > The first 'if' just guarantees that dso OR filespec1 are not NULL, each of those parameters could be NULL individually. brad> > ------------------------------------------------------------------------ brad> > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Salivar.William brad> > *Sent:* Mittwoch, 9. April 2008 00:04 brad> > *To:* [email protected] brad> > *Subject:* Interesting logic in dso_lib.c (libcrypto) brad> > The first ¡if¢ guarantees that filespec1 will not be NULL. And yet there are two tests for NULL in the code following the ¡if¢. This is from OpenSSL 0.9.8g. brad> > *393 * char *DSO_merge <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=637&lxfile=45002>(DSO <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=638&lxfile=45002> *dso, const char *filespec1, const char *filespec2) brad> > *394 * { brad> > *395 * char *result <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=642&lxfile=45002> = NULL; brad> > *396 * Event *cannot_single*: After this line (or expression), the value of "filespec1" cannot be 0 brad> > 397 if(dso == NULL || filespec1 == NULL) brad> > *398 * { brad> > *399 * DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER); brad> > *400 * brad> > * * return(NULL); brad> > *401 * } brad> > Event *dead_error_condition*: On this path, the condition "filespec1 == 0" could not be true brad> > 402 if(filespec1 <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=662&lxfile=45002> == NULL) brad> > Event *dead_error_line*: Cannot reach this line of code, beginning "dso" brad> > 403 filespec1 <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=665&lxfile=45002> = dso->filename; brad> > *404 * if(filespec1 <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=668&lxfile=45002> == NULL) brad> > *405 * { brad> > *406 * DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION); brad> > *407 * return(NULL); brad> > *408 * brad> > * * } brad> > *409 * if((dso->flags <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=682&lxfile=45002> & DSO_FLAG_NO_NAME_TRANSLATION <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=683&lxfile=45002>) == 0) brad> > *410 * { brad> > *411 * if(dso->merger <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=685&lxfile=45002> != NULL <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=686&lxfile=45002>) brad> > *412 * result = dso->merger(dso, filespec1, filespec2 <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=693&lxfile=45002>); brad> > *413 * else if(dso->meth->dso_merger <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=696&lxfile=45002> != NULL) brad> > *414 * result = dso->meth <http://engapp30:5467/cov.cgi?clicked=1&events=845739&line=0&prec=%2Fcov.cgi%3Fc%3DAAAAAADA7g%26hstate%3D1%26owner%3D86%26q%3D6%26runs%3D95%26t%3D6%26v%3D1&run=95&t=12&v=1&xref=701&lxfile=45002>->dso_merger(dso, brad> > *415 * filespec1, filespec2); brad> > *416 * } brad> > *417 * return(result); brad> > *418 * } ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
