On Thu, Apr 10, 2014 at 07:05:42PM +0000, Miod Vallat wrote:
> > Piotr Sikora pointed me at a more refined diff for the buffer release
> > issue. Apply that version. Maybe someday upstream will wake up and then
> > we can have the same code.
> > https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
>
> Given how trivial one-liner fixes such as #2569 have remained unfixed
> for 2.5+ years, one can only assume that OpenSSL's bug tracker is only
> used to park bugs, not fix them.
>

Time to go through all open tickets and check if there are one-liners
still pending for input processing with missing bound checks :-)

--
Gilles Chehade
https://www.poolp.org @poolpOrg
