On Wed, Aug 14, 2002 at 03:39:03PM +0100, Ben Laurie wrote:

> So how did the buffer get to be too small?

Well, in one of the cases it was improper protocol data checking (fixed
in 0.9.6f). The others should really be impossible, but if they ever
become possible, this most likely is because of changes to OpenSSL that
are done without thinking of all the ramifications (e.g. new
ciphersuites that require larger buffers for certain purposes).

> I propose we have a compile
> time flag that determines whether impossible conditions are fatal or
> return errors,

Go ahead, compile time flags are how we usually handle such things in
OpenSSL -- e.g. you can define BN_DEBUG to enable certain assertions
that detect situations where memory is really corrupted.

--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
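
The compile-time switch discussed in this exchange, sketched as an added C example that is not part of the original message and not OpenSSL code. The flag name IMPOSSIBLE_IS_FATAL, the IMPOSSIBLE macro, struct session and the 16-byte buffer are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical flag (not an OpenSSL macro): build with -DIMPOSSIBLE_IS_FATAL to abort(). */
#ifdef IMPOSSIBLE_IS_FATAL
# define IMPOSSIBLE(cond, errval) \
    do { if (cond) { \
        fprintf(stderr, "%s:%d: impossible: %s\n", __FILE__, __LINE__, #cond); \
        abort(); } } while (0)
#else   /* default build: hand the condition back to the caller as an error */
# define IMPOSSIBLE(cond, errval) \
    do { if (cond) return (errval); } while (0)
#endif

#define KEY_BUF_LEN 16   /* constructed size, large enough for today's ciphers */

struct session {
    unsigned char key[KEY_BUF_LEN];
    size_t key_len;
};

/* Copy key material into the fixed-size session buffer.
 * Returns 1 on success, 0 on error (non-fatal build only). */
int session_set_key(struct session *s, const unsigned char *key, size_t len)
{
    IMPOSSIBLE(s == NULL || key == NULL, 0);
    /* "Cannot happen" with the current ciphers, but a later ciphersuite with
     * a longer key would make it happen, so check before the copy. */
    IMPOSSIBLE(len > sizeof(s->key), 0);
    memcpy(s->key, key, len);
    s->key_len = len;
    return 1;
}

int main(void)
{
    struct session s;
    unsigned char fits[16] = {0}, too_big[32] = {0};   /* constructed inputs */

    printf("16-byte key: %d\n", session_set_key(&s, fits, sizeof fits));
    /* Returns 0 here; aborts at this call when built with the fatal flag. */
    printf("32-byte key: %d\n", session_set_key(&s, too_big, sizeof too_big));
    return 0;
}
```

Either build stops the copy before it can overrun the buffer; the flag only decides whether the process dies on the spot or the caller gets an error to handle.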