Ben Laurie <[EMAIL PROTECTED]>:

> As noted elsewhere, I really object to returning internal errors! It 
> makes no sense to attempt to continue after the impossible has occurred.

If we could be absolutely sure that these events are strictly
"impossible", then it wouldn't make a difference if we call abort(),
return an internal error, or post a coredump to alt.binaries: nothing
of this could ever happen.  In fact we don't "continue" -- we return
an error, meaning that the current handshake will be aborted.

Of course the point is that one of the events might not be that
impossible after all if there are still hidden bugs.  So what would
this mean?  If the internal structures are totally screwed up, then an
abort() might be the best we can do.

But that's not the case for those internal error cases (or the one
that was considered an internal error in the initial patch but turned
out to be a protocol error): what really may have happened is that a
buffer that has been allocated turns out to be of insufficient size.
We test this *before* accessing the buffer and return an internal
error *instead*, so what bad thing could happen?


-- 
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
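As an added illustration of the pattern Bodo describes above, a capacity check performed before the write, returning an internal error instead of calling abort(), together with the contrasting case he mentions where a bad length from the peer is a protocol error rather than an internal one. This is example code written for this page, not code from OpenSSL or from anyone in the thread; the `outbuf` type, the `TLS_*` result codes and all function names are hypothetical.

```c
/* Added example (not OpenSSL code): bounds check before writing a
 * length-prefixed handshake field, returning an internal error instead
 * of aborting or overrunning the buffer. All names are hypothetical. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum { TLS_OK = 0, TLS_ERR_INTERNAL = -1, TLS_ERR_PROTOCOL = -2 };

/* Caller-owned output buffer with explicit capacity and fill level. */
typedef struct {
    unsigned char *data;
    size_t cap;
    size_t len;
} outbuf;

/* Append a 2-byte length prefix followed by n bytes of payload.
 * Returns TLS_ERR_INTERNAL if the buffer the caller allocated turns out
 * to be too small: the check happens before any write, so the buffer is
 * left exactly as it was and the handshake can simply be aborted. */
int put_u16_vector(outbuf *out, const unsigned char *payload, size_t n)
{
    if (n > 0xFFFF)
        return TLS_ERR_PROTOCOL;        /* not encodable in 16 bits */
    if (out->cap < out->len || out->cap - out->len < 2 + n)
        return TLS_ERR_INTERNAL;        /* would overrun: refuse, don't abort */
    out->data[out->len++] = (unsigned char)(n >> 8);
    out->data[out->len++] = (unsigned char)(n & 0xFF);
    memcpy(out->data + out->len, payload, n);
    out->len += n;
    return TLS_OK;
}

/* Parse the same encoding from received data. A declared length that
 * exceeds the bytes actually present is the peer's fault, so this is a
 * protocol error, not an internal one. Returns the payload length on
 * success or a negative TLS_ERR_* code. */
long get_u16_vector(const unsigned char *in, size_t in_len)
{
    if (in_len < 2)
        return TLS_ERR_PROTOCOL;
    size_t declared = ((size_t)in[0] << 8) | in[1];
    if (declared > in_len - 2)
        return TLS_ERR_PROTOCOL;
    return (long)declared;
}

/* Demonstration helper: write a constructed 32-byte payload into a buffer
 * claiming the given capacity inside a 64-byte storage area filled with a
 * guard pattern. Stores the result code in *rc and returns 1 if every byte
 * beyond the claimed capacity is still the guard pattern (no overrun). */
static int run_demo(size_t cap, int *rc)
{
    unsigned char storage[64];
    unsigned char payload[32];
    memset(storage, 0xAA, sizeof storage);   /* guard pattern */
    memset(payload, 0x42, sizeof payload);   /* constructed payload */
    outbuf out = { storage, cap, 0 };
    *rc = put_u16_vector(&out, payload, sizeof payload);
    for (size_t i = cap; i < sizeof storage; i++)
        if (storage[i] != 0xAA)
            return 0;
    return 1;
}

/* Result code of the write for a buffer of the given capacity. */
int demo_result(size_t cap)
{
    int rc;
    run_demo(cap, &rc);
    return rc;
}

/* 1 if the write for the given capacity left the guard region intact. */
int demo_guard_intact(size_t cap)
{
    int rc;
    return run_demo(cap, &rc);
}

int main(void)
{
    printf("cap=16: rc=%d, guard intact=%d\n", demo_result(16), demo_guard_intact(16));
    printf("cap=40: rc=%d, guard intact=%d\n", demo_result(40), demo_guard_intact(40));
    return 0;
}
```

The point of the guard region is the one made in the message: because the size test precedes the access, an undersized buffer produces an error return and an aborted handshake, not a memory write past the end, so there is nothing for an abort() to protect against.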