Hi there,
OK, finally got round to taking a look at this ticket [#98] - apologies for the delay on my part. [[EMAIL PROTECTED] - Fri Jun 14 21:37:50 2002]: > There is a possible problem with the string param handling of > ENGINE_ctrl(): > (At least I will get a problem...) > > In the ..._ctrl()-Function of the engines a passed string > is only referenced and not copyed. > This is bad if the buffer with the passed data is overwritten... > > Since in the BIO interface passed string params are copied > to an internal (allocated) buffer (at least in the modules I > checked...), the ENGINE -interface should act the same way. I'm not sure I understand how this can be a generic problem. If an ENGINE implementation intends to store passed strings, ie. for use after the ENGINE_ctrl() command in question has returned, then it should surely be making a local copy? There are two points that leap to mind; (1) Only the ENGINE implementor knows if he/she only needs the string value during the ctrl() call or whether he/she intends to use the string value at a later time - so he/she should be deciding whether a copy is required or not. (2) If a copy was to be made by the framework for passing to the ENGINE's ctrl() handler, where would it be stored? Moreover, when/how would it be cleaned up? Then again, perhaps I haven't fully understood the problem you see. Please illustrate the potential if I have and I'll take a closer look. NB: My inability to grok the "problem" isn't helped by the fact that I can't read that diff format, perhaps that makes me a fake hacker? :-) Could you please resubmit the patch in "diff -u" form if you still think I need to examine it in fine detail. Regards, Geoff -- Geoff Thorpe, RT/openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]