Hi all,

I'm working with version 0.9.8c distributed as part of Ubuntu, but I have also verified that the same problem exists with the latest release, 0.9.8e.

The problem is that when I run my code under valgrind (http://valgrind.org/) looking for errors in my code, I get completely overwhelmed by warnings about the OpenSSL code. A single run of my program can result in literally thousands of openssl warnings, and problems I have to fix may or may not be buried somewhere within that.

Researching this matter further, I found this patch from Daniel Brahneborg dating from 2003:

    http://www.arcknowledge.com/gmane.comp.encryption.openssl.devel/2003-02/msg00199.html

Downloading the source package for openssl, applying this patch and then recompiling/installing the resulting package reduced the warnings coming from openssl to almost nil.

Once the warnings had been drastically reduced, I immediately found a bug in my code where I was doing:

    ssl = SSL_new (ctx) ;
    sbio = BIO_new_socket (filedesc, BIO_NOCLOSE) ;
    SSL_set_bio (ssl, sbio, sbio) ;

    // Bunch of code.

    BIO_free (sbio) ;
    SSL_free (ssl) ;

resulting in (as reported by valgrind) a double free of the BIO object.

So, my question is, is there any reason why Daniel Brahneborg's patch from 2003 wasn't applied? For reference, the patch (against 0.9.8c) is below.

Cheers,
Erik

diff -r -u openssl-0.9.8c-hacked/crypto/rand/rand_lib.c openssl-0.9.8c/crypto/rand/rand_lib.c --- openssl-0.9.8c-hacked/crypto/rand/rand_lib.c 2007-03-02 12:07:32.000000000 +1100 +++ openssl-0.9.8c/crypto/rand/rand_lib.c 2003-01-31 04:39:23.000000000 +1100
@@ -154,7 +154,6 @@ int RAND_bytes(unsigned char *buf, int num) { const RAND_METHOD *meth = RAND_get_rand_method(); - memset (buf, 0, num); if (meth && meth->bytes) return meth->bytes(buf,num); return(-1);

--
Erik de Castro Lopo
"Even Napoleon had his Watergate" -- Michael Spautz

Moore's Law: hardware speed doubles every 18 months
Gates' Law: software speed halves every 18 months
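
Review bot: the diff is generated in the reverse direction: the `---` file is openssl-0.9.8c-hacked and the `memset (buf, 0, num);` line is marked `-`, so applied as posted it removes the memset from RAND_bytes instead of adding it; regenerate it with the pristine tree as the first argument to diff. On the change itself, the memset runs before the `meth && meth->bytes` check and passes the signed `int num` straight through as the length, so a negative num becomes a very large size; a guard such as `if (num > 0)` would avoid that, and a comment stating that the zeroing exists to quiet memory checkers would document why the buffer is written twice. The spacing in `memset (` also differs from the `meth->bytes(buf,num)` style used in the surrounding lines.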
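
The double free described in the message above, as an added example that is not part of the original post and is not OpenSSL source. It is a small model of the ownership rule involved (SSL_set_bio hands the BIO to the SSL, and SSL_free releases it); all model_* names are hypothetical, and an invalid free is counted rather than performed.

```c
/* Added example: a model of BIO reference counting, NOT OpenSSL source.
 * The model_* names are hypothetical; they mirror the ownership rule that
 * SSL_set_bio() hands the BIO to the SSL and SSL_free() releases it. */
#include <stdio.h>

typedef struct { int refs; int released; int bad_frees; } model_bio;
typedef struct { model_bio *rbio, *wbio; } model_ssl;

static void model_bio_init(model_bio *b) { b->refs = 1; b->released = 0; b->bad_frees = 0; }

/* Drop one reference; record (instead of performing) a free of dead memory. */
static void model_bio_free(model_bio *b) {
    if (b->released) { b->bad_frees++; return; }   /* this is the double free */
    if (--b->refs == 0) b->released = 1;
}

/* Ownership transfer: pointers are stored, no reference is added. */
static void model_ssl_set_bio(model_ssl *s, model_bio *r, model_bio *w) {
    s->rbio = r; s->wbio = w;
}

/* Releases rbio, and wbio only when it is a different object. */
static void model_ssl_free(model_ssl *s) {
    if (s->rbio) model_bio_free(s->rbio);
    if (s->wbio && s->wbio != s->rbio) model_bio_free(s->wbio);
    s->rbio = s->wbio = NULL;
}

/* Teardown in the order shown in the post: explicit BIO free, then SSL free. */
int teardown_as_posted(void) {
    model_bio b; model_ssl s;
    model_bio_init(&b); model_ssl_set_bio(&s, &b, &b);
    model_bio_free(&b);
    model_ssl_free(&s);
    return b.bad_frees;
}

/* Teardown that lets the SSL release the BIO it owns. */
int teardown_ssl_only(void) {
    model_bio b; model_ssl s;
    model_bio_init(&b); model_ssl_set_bio(&s, &b, &b);
    model_ssl_free(&s);
    return b.bad_frees + (b.released ? 0 : 100);   /* 100 would mean a leak */
}

int main(void) {
    printf("as posted: %d invalid free(s)\n", teardown_as_posted());
    printf("SSL free only: %d problem(s)\n", teardown_ssl_only());
    return 0;
}
```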