* Ben Laurie: > Jonathan S. Shapiro wrote: >> Ben: I'm idly curious. Was this exceptionally unusual case where use of >> uninitialized memory was valid properly commented in the code?
It's mentioned in the manpage for a function that eventually calls the function that was (correctly) patched--through a function pointer. The incorrectly patched function looks somewhat parallel, but it's not. There is no local comment in the source code for this particular case of uninitialized memory access. > Well. Kinda. It didn't really explain why: > > i=fread(buf,1,n,in); > if (i <= 0) break; > /* even if n != i, use the full array */ > RAND_add(buf,n,(double)i); > > There is in theory a second place where it might used an uninitialised > buffer, but I think in practice that never happens. AFAIK, this piece of code is not really related and rarely used outside OpenSSL itself. And in the OpenSSL case, the fread call always overwrites the whole buffer, it seems. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
