On Fri, Nov 29, 2019 at 7:08 PM Tomas Mraz <tm...@redhat.com> wrote:

> The "always check for NULL pointers" approach does not avoid
> catastrophic errors in applications.

I didn't say it avoided all errors (nor did anyone else on the thread that
I've read) - but it does avoid a whole class of errors.

And for that particular context there are many things you can do to
mitigate it - and incorrect handling of EVP_CipherUpdate itself is very
common - where error returns are completely ignored.
We could reasonably define that it should wipe out the output buffer on any
error condition - that would make the function safer in a whole pile of

However that is talking about a different issue IMHO.