[openssl-dev] [openssl.org #3628] Re: [PATCH] NDEBUG macro and redundant strings

Алексей Комнин via RT rt at openssl.org
Mon Jan 26 12:13:31 UTC 2015


        Hi,

I have prepared a new patch, which is supposed to work well with libc
provided by SUN. It also contains additional changes for t1_enc.c
file. The patch is in attachment.

I have also pinned the patch, provided by Stefan, though I have not
understood why it is necessary to patch the x509_def.c file.

Also, I have removed changes related to MemChecks from the patch.

        Regards,
                Alex.

On Fri, Jan 23, 2015 at 5:38 PM, Stefan.Neis at t-online.de
<Stefan.Neis at t-online.de> wrote:
>          Hi,
>
> I tried to comment on the ticket via rt, but apparently there's more
> to it than just sending it to rt at openssl.org using a magic subject line
> (or maybe it doesn't like "subject:" being replaced by the localized
> "Betreff:" as the webmail-frontend I'm using apparently does?
>
> Anyway, let me retry via openssl-dev:
>
> First some comments on the original patch:
>> These strings undesirably reveal absolute paths to the source
>> files of libcrypto.
>
> 1. AFAIR not all versions of libc are happy with NULL being passed
>    for a string in printf and related functions (IIRC, e.g. SUN libc crashes
>    in such situations), so those NULLs should be replaced by
>    something like "\0" or similar, shouldn't they?
> 2. Also, I wonder, if defining OPENSSL_assert(e) instead of calling
>    OpenSSLDie without a filename really was intended.
> 3. Lastly, completely turning off MemChecks at the same time as
>    removing these strings seems a bit dubious.
>
> Then I previously commented
>> Along the same line of reasoning, there are some strings  that
>> reveal paths to your local installation directory (see
>>  crypto/x509/x509_def.c). [...]
>
> For completeness, her is a trivial patch for that suggestion (reusing the
> same NDEBUG define).
>
>         Regards,
>                Stefan
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl_NDEBUG2.patch
Type: application/x-patch
Size: 396 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150126/e0810718/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openssl-ndebug.patch
Type: application/x-patch
Size: 14005 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20150126/e0810718/attachment-0001.bin>


More information about the openssl-dev mailing list