From: [EMAIL PROTECTED]
bodo> bodo 08-Apr-2001 15:47:55
bodo>
bodo> Modified: ssl s3_enc.c ssl.h ssl_err.c ssl_lib.c
bodo> Log:
bodo> Avoid assert() in the library.
bodo>
bodo> Revision Changes Path
bodo> 1.22 +10 -7 openssl/ssl/s3_enc.c
bodo> 1.105 +1 -0 openssl/ssl/ssl.h
bodo> 1.38 +1 -0 openssl/ssl/ssl_err.c
bodo> 1.93 +3 -1 openssl/ssl/ssl_lib.c
bodo>
bodo> Index: s3_enc.c
bodo> ===================================================================
bodo> RCS file: /e/openssl/cvs/openssl/ssl/s3_enc.c,v
bodo> retrieving revision 1.21
bodo> retrieving revision 1.22
bodo> diff -u -r1.21 -r1.22
bodo> --- s3_enc.c 2001/04/08 05:41:42 1.21
bodo> +++ s3_enc.c 2001/04/08 13:47:50 1.22
bodo> @@ -57,7 +57,6 @@
bodo> */
bodo>
bodo> #include <stdio.h>
bodo> -#include <assert.h>
bodo> #include <openssl/md5.h>
bodo> #include <openssl/sha.h>
bodo> #include <openssl/evp.h>
bodo> @@ -82,7 +81,7 @@
bodo> static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
bodo> const char *sender, int len, unsigned char *p);
bodo>
bodo> -static void ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
bodo> +static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
bodo> {
bodo> MD5_CTX m5;
bodo> SHA_CTX s1;
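Review bot: The signature of ssl3_generate_key_block changes from void to int here, but the quoted hunks show neither a caller testing the result nor a success-path return at the end of the function. Confirm in the rest of the diff that the caller stops key setup when 0 comes back and that the normal path ends with an explicit `return 1;`. Otherwise the new error return is silently ignored or the function falls off the end without a value.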
bodo> @@ -97,9 +96,13 @@
bodo> for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
bodo> {
bodo> k++;
bodo> - /* If this assert is triggered, it means buf needs to be
bodo> - resized. This should never be triggered in a release. */
bodo> - assert(k <= sizeof(buf));
bodo> + if (k > sizeof buf)
bodo> + {
bodo> + /* bug: 'buf' is too small for this ciphersuite */
bodo> + SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK,
ERR_R_INTERNAL_ERROR);
bodo> + return 0;
bodo> + }
bodo> +
bodo> for (j=0; j<k; j++)
bodo> buf[j]=c;
bodo> c++;
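Review bot: The `k > sizeof buf` test sits inside the loop, so when it fires on a later iteration the function returns 0 with the loop partly executed and any output from earlier iterations left in place. Because k grows by one for each MD5_DIGEST_LENGTH step of i, its maximum is fixed by num before the loop starts. Checking that bound once ahead of the loop would fail before anything is generated, and the caller should treat the key block as unusable on a 0 return. The comment on the error branch is helpful; it would also be worth noting there which constant must be enlarged when a new ciphersuite needs more key material.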
Hmm, my thinking with that assert is that it should be caught
*EARLY*. If we release anything with a buf too small for any ciphers
and digests that we support, it's a library bug and should be caught
early. The best way I saw for it to be caught early was to generate a
violent death, so we get it in our face. I'm not sure I understand
the error in that thinking. Could that assert be triggered in some
other way, or shall we leave it to Windows users to discover such a
bug? :-)
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Re: cvs commit: openssl/ssl s3_enc.c ssl.h ssl_err.c ssl_lib.c
Richard Levitte - VMS Whacker Mon, 09 Apr 2001 03:12:45 -0700
