> Please don't forget the enc_read.c bug fix.
> From: Michael Rayment <[EMAIL PROTECTED]>
> Subject: [ssl-bugs] Possible bug in crypto/des/enc_read.c
> Date: Mon, 15 Feb 1999 00:45:01 -0330
> I am using enc_read.c and enc_write.c to easily read and write data into
> and from an encrypted file. I am reading and writing in large buffer sizes
> and came across what appears to be a bug in the enc_read.c routine.
> I added a few lines of code so that it would work [...]
> *** enc_read.c Sat Sep 12 14:19:38 1998
> --- enc_read.c.org Thu Apr 9 09:29:29 1998
[...]
> /* We need to get more data. */
> ! /* if (len > MAXWRITE) len=MAXWRITE; */
> ! excess = 0;
> ! while (len > MAXWRITE) {
> ! i = des_enc_read(fd, buf, MAXWRITE, sched, iv);
> ! buf += i;
> ! len -= i;
> ! excess += i;
> ! }
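Review bot: The loop at `while (len > MAXWRITE)` uses `i` without checking it. If `des_enc_read` returns 0, `len` never shrinks and the loop does not terminate; if it returns a negative value, `buf += i` moves the pointer backwards and `len -= i` makes `len` larger. Test `i <= 0` immediately after the call and leave the loop, handing back `excess` when some data was already stored and `i` otherwise.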
[...]
> ! return((int)num + excess);
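Review bot: `return((int)num + excess);` adds the earlier chunk count to the final result unconditionally, so when `num` carries an error or EOF indication and `excess` is nonzero the caller receives what looks like an ordinary byte count. Keep the two cases apart: return the count of bytes actually stored, and report a failing final read on its own rather than summing it in.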
Was that really a bug? I would not think so, and certainly the
proposed fix is not correct (the recursive call to des_enc_read can
return 0 because of either EOF, some real error or EWOULDBLOCK).
The original version of des_enc_read (with
        if (len > MAXWRITE) len=MAXWRITE;
) makes complete sense if you insist that the caller check the return
value; and on that you have to insist for obvious reasons.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
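
The reply's point about callers checking the return value, shown as an added example that is not part of the original thread or of OpenSSL: a caller-side loop over a read that is capped per call. `capped_read_fn`, `read_full`, `mem_read`, `DEMO_CAP` and `demo` are hypothetical names, and the sample data is constructed.

```c
#include <string.h>

/* Hypothetical reader type standing in for a capped read such as
 * des_enc_read: >0 = bytes delivered (may be fewer than asked),
 * 0 = EOF, <0 = error. */
typedef int (*capped_read_fn)(void *ctx, char *buf, int len);

/* Caller-side loop: keep reading until len bytes arrive, EOF, or error.
 * Returns the bytes actually stored; *err is set to 1 if a read failed. */
int read_full(capped_read_fn rd, void *ctx, char *buf, int len, int *err)
{
    int total = 0;
    *err = 0;
    while (total < len) {
        int n = rd(ctx, buf + total, len - total);
        if (n <= 0) {            /* stop on EOF or error, never add n */
            if (n < 0) *err = 1;
            break;
        }
        total += n;
    }
    return total;
}

#define DEMO_CAP 8               /* constructed stand-in for MAXWRITE */
struct mem_src { const char *data; int size, pos, fail_at; };

/* Constructed in-memory source: caps each read at DEMO_CAP and fails
 * once pos reaches fail_at (fail_at < 0 means never fail). */
static int mem_read(void *ctx, char *buf, int len)
{
    struct mem_src *s = ctx;
    if (s->fail_at >= 0 && s->pos >= s->fail_at) return -1;
    if (len > DEMO_CAP) len = DEMO_CAP;
    if (len > s->size - s->pos) len = s->size - s->pos;
    memcpy(buf, s->data + s->pos, (size_t)len);
    s->pos += len;
    return len;
}

/* Run read_full over `size` bytes of constructed data, asking for `want`. */
int demo(int size, int fail_at, int want, int *err)
{
    static const char data[] = "0123456789abcdefghijklmnopqrstuv"; /* 32 bytes */
    char out[32];
    struct mem_src s = { data, size, 0, fail_at };
    return read_full(mem_read, &s, out, want, err);
}
```

A short count with `*err == 0` means EOF was reached; a short count with `*err == 1` means the bytes before the failure are valid and the error still has to be handled.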