Hello Steve,

On Sun, 2004-11-14 at 00:48, Stephen Henson via RT wrote:
> > +       die(os.length <= sizeof ret->session_id);

> >         OPENSSL_assert(os.length <= sizeof ret->session_id);

> would also keep os.length <= sizeof ret->session_id. So the following
> memcpy() can never overflow the buffer.

You are correct. Thanks for clearing this up. It's the '<=' operator in
the original die() that confused me. But since this is about a memcpy()
and not a copy to an indexed char * there is indeed no danger of an
overflow here.

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to