https://issues.apache.org/bugzilla/show_bug.cgi?id=54468
--- Comment #6 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to comment #3)
> You are suggesting C (C++) can morph the sizeof(str1) member when
> it is explicitly declared? I think not...

I wasn't suggesting that. I was suggesting that sizeof(member) isn't what you want when you really want to pass the maximum size of the buffer. Your code only works because 8 (the number returned on my system when I call sizeof(unsigned char *)) is less than the actual size of the buffer which is actually SHA_DIGEST_LENGTH (decimal 20).

> You are confusing the sizeof operator with explicitly computing member
> offsets;

No, I'm not. You are confusing sizeof with strlen, which might cause a buffer overrun.

> In any case, the reason for performing something like memcpy(x, sizeof(x)...
> is that construct isn't subject to being patched again. The context_id member
> can be changed again and again without mauling that code anymore. I prefer the
> patch as submitted, for clarity.

Please look again. This is in the call to SSL_set_session_id_context which accepts a pointer to the session id and a number of bytes that can be read. Your number of bytes is wrong: it is too short.
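
The length mismatch discussed in this comment, as an added example that is not part of the original thread or of the submitted patch: it contrasts `sizeof` on a pointer member with `sizeof` on an array member, then shows what a too-short byte count means for a consumer that takes a pointer and a length. The struct declarations, `store_ctx` (a stand-in for an API shaped like `SSL_set_session_id_context`) and the sample digests are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 20 /* the comment gives SHA_DIGEST_LENGTH as decimal 20 */

/* Hypothetical declarations: the thread does not show the real struct. */
struct ctx_ptr   { unsigned char *context_id; };            /* pointer member */
struct ctx_array { unsigned char context_id[DIGEST_LEN]; }; /* array member   */

/* Stand-in for an API taking (pointer, byte count): keeps only len bytes. */
struct sid_store { unsigned char buf[DIGEST_LEN]; size_t len; };

static int store_ctx(struct sid_store *s, const unsigned char *id, size_t len)
{
    if (len > sizeof(s->buf))
        return 0;                 /* refuse lengths larger than the store */
    memset(s->buf, 0, sizeof(s->buf));
    memcpy(s->buf, id, len);      /* bytes past len are never read */
    s->len = len;
    return 1;
}

/* sizeof on the member yields the pointer size, not the buffer size. */
size_t len_from_pointer_member(void) { return sizeof(((struct ctx_ptr *)0)->context_id); }
size_t len_from_array_member(void)   { return sizeof(((struct ctx_array *)0)->context_id); }

/* Store two digests that differ only in their last byte, using the given
 * length, and report whether the stored contexts are indistinguishable. */
int contexts_collide(size_t len)
{
    unsigned char a[DIGEST_LEN], b[DIGEST_LEN]; /* constructed sample digests */
    struct sid_store sa, sb;

    memset(a, 0xAB, sizeof(a));
    memcpy(b, a, sizeof(b));
    b[DIGEST_LEN - 1] ^= 0xFF;
    if (!store_ctx(&sa, a, len) || !store_ctx(&sb, b, len))
        return -1;
    return sa.len == sb.len && memcmp(sa.buf, sb.buf, sa.len) == 0;
}

int main(void)
{
    size_t short_len = len_from_pointer_member();
    printf("pointer member: %zu bytes, array member: %zu bytes\n",
           short_len, len_from_array_member());
    printf("collide at pointer-size length: %d\n", contexts_collide(short_len));
    printf("collide at full digest length:  %d\n", contexts_collide(DIGEST_LEN));
    return 0;
}
```

With the pointer-sized length the two digests are stored as the same context, because the differing trailing byte is never read; with the full digest length they stay distinct.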