Hi,
[snip] > > I'm not sure I understand how this can be a generic problem. If an > > ENGINE implementation intends to store passed strings, ie. for use > > after > > the ENGINE_ctrl() command in question has returned, then it should > > surely be making a local copy? There are two points that leap to > > mind; > > My point of view. > But in the code I checked the passed string is only referenced, > not copied... ahhh ... OK, right I'm with you now. So you see the problem is in the ENGINE implementations, not in the library code that passes the strings through to ENGINE_ctrl(). Yes, any ctrl() values that are passed in for *later* use should be duplicated and stored inside the implentation. This should be fixed. [snip] > But in all implementations I had a look he string value is intended > for > later use but it is not copied and only the reference is kept. Yup. > Comparing the code of the different implementations it seems to me > the first implementor made a mistake and all following > implementors only copied the existing code (with small modifications) Heh, want to guess who that first implementor was? <gulp> > Is should be stored in a local copy of the string. > Best would be to have the ENGINEs have a reverence to the > internal data and store it there. Well an ENGINE implementation can attach its own data to an ENGINE structure already, and some in fact do just this. Moreover, it's intended for precisely this sort of "state", because you can also clean up at the right time. > But at the moment the passed data is stored in static variables. Yup, that's not a Good Thing(tm). [snip] > ??? > I resubmited the patch on Tue, 18 Jun 2002 16:51:04 +0200... > > Should I send it again ? Nope, I've found it :-) Yes, your patch looks good - I'll double-check a few things then commit. Please keep an eye on openssl-cvs and/or check out the next snapshot. Thanks for your efforts. Regards, Geoff -- ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
