[openssl-dev] WG: Re: [openssl.org #3628] [PATCH] NDEBUG macro and redundant strings
Stefan.Neis at t-online.de
Stefan.Neis at t-online.de
Fri Jan 23 14:38:07 UTC 2015
Hi,
I tried to comment on the ticket via rt, but apparently there's more
to it than just sending it to rt at openssl.org using a magic subject line
(or maybe it doesn't like "subject:" being replaced by the localized
"Betreff:" as the webmail-frontend I'm using apparently does?
Anyway, let me retry via openssl-dev:
First some comments on the original patch:
> These strings undesirably reveal absolute paths to the source
> files of libcrypto.
1. AFAIR not all versions of libc are happy with NULL being passed
for a string in printf and related functions (IIRC, e.g. SUN libc crashes
in such situations), so those NULLs should be replaced by
something like "\0" or similar, shouldn't they?
2. Also, I wonder, if defining OPENSSL_assert(e) instead of calling
OpenSSLDie without a filename really was intended.
3. Lastly, completely turning off MemChecks at the same time as
removing these strings seems a bit dubious.
Then I previously commented
> Along the same line of reasoning, there are some strings that
> reveal paths to your local installation directory (see
> crypto/x509/x509_def.c). [...]
For completeness, her is a trivial patch for that suggestion (reusing the
same NDEBUG define).
Regards,
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl_NDEBUG2.patch
Type: application/x-patch
Size: 396 bytes
Desc:
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150123/9677755c/attachment.bin>
More information about the openssl-dev
mailing list