On Mon, Oct 14, 2002 at 08:11:20PM +0100, Ben Laurie wrote: >> Another theory is that any words in the array between 'top' and 'max' >> are supposed to be zero -- there's much code with the sole purpose to >> achieve this. The problem is that this does not *always* happen >> (otherwise this would not haven been a bug, and I believe there are >> other cases); so maybe we can say that these words are zero for >> aesthetical reasons, but technically are 'don't care'.
> Hmmm ... wouldn't them being non-zero imply information leak? Well, a risk of information leak in the presence of such bugs (if the code is correct, then the 'don't care' values are not visible). -- Bodo M�ller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
