On Mon, Mar 06, 2017 at 07:19:00PM +0100, [email protected] wrote: > Your read my response one minute too early. The right path is in the > second email I sent. Sorry.
Thierry, please look below : > On Mon, 6 Mar 2017 18:38:30 +0100 > Willy Tarreau <[email protected]> wrote: > > > And below : > > > > > + if (len < rec_len + 4) > > > + return; > > > + msg += 4; > > > + end = msg + rec_len; > > > + if (end <= msg) > > > + return; > > > > This one was still not fixed :-( This > > > > > + > > > + /* Expect 2 bytes for protocol version (1 byte for major and 1 byte > > > + * for minor, the random, composed by 4 bytes for the unix time and > > > + * 28 bytes for unix payload, and them 1 byte for the session id. So > > > + * we jump 1 + 1 + 4 + 28 + 1 bytes. > > > + */ > > > + msg += 1 + 1 + 4 + 28 + 1; > > > + if (msg >= end) > > > + return; > > > > This one neither :-( And this. And now below, your latest patch : > From c0bf9fcf4e78d65641a589083ddca14377c620fd Mon Sep 17 00:00:00 2001 > From: Thierry FOURNIER <[email protected]> > Date: Sat, 25 Feb 2017 12:45:22 +0100 > Subject: [PATCH 2/2] MEDIUM: ssl: add new sample-fetch which captures the > cipherlist > (...) > + msg += 4; > + end = msg + rec_len; > + if (end <= msg) > + return; This. > + /* Expect 2 bytes for protocol version (1 byte for major and 1 byte > + * for minor, the random, composed by 4 bytes for the unix time and > + * 28 bytes for unix payload, and them 1 byte for the session id. So > + * we jump 1 + 1 + 4 + 28 + 1 bytes. > + */ > + msg += 1 + 1 + 4 + 28 + 1; > + if (msg >= end) > + return; And this. As you can see, these ones were left unchanged. It's the 4th (5th?) time I'm reading the whole patch to check if all comments were properly addressed. That's not acceptable. As you know I'm fine if you disagree with my comments and just say that I'm wrong or to go f*ck myself because I'm too retarded to read your code, that's perfect. But what really irritates me is that I spend a lot of time reading code and making comments twice (three times with this one) and this time is a pure waste because you didn't even *read* them. This is exactly what discourages anyone from reviewing code. *all points* in a review have to be addressed or contested. By sending the "fixed" version you claim that you addressed everything which is false. That's really bad because now I don't trust your patches anymore and I have to read them fully again just in case you developped them in a hurry. If you don't have time, I prefer that you say that you'll post an update later than making me read the same unfixed code multiple times :-( Willy
