Ruediger Pluem <[email protected]> writes: > On 10/26/2009 01:37 PM, Dan Poirier wrote: >> [email protected] writes: >> >>> Author: jorton >>> Date: Sun Oct 25 17:21:10 2009 >>> New Revision: 829619 >> ... >>> +const char *ssl_cmd_SSLStaplingResponseTimeSkew(cmd_parms *cmd, void *dcfg, >>> + const char *arg) >>> +{ >>> + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); >>> + sc->server->stapling_resptime_skew = atoi(arg); >>> + if (sc->server->stapling_resptime_skew < 0) { >>> + return "SSLstapling_resptime_skew: invalid argument"; >>> + } >>> + return NULL; >>> +} >> >> Shouldn't we check these arguments for validity before using them, >> rather than after? > > Where do we use them so far? > The are the functions to process the directives.
I meant that we assign a new value to the configuration before we know whether that new value is valid. It now occurs to me that while the code in isolation looks suspicious, returning an error means the server won't start, so the point is moot. Never mind. Dan
