[openssl-dev] [question] Useless NULL check or Missing NULL check?
Matt Caswell
matt at openssl.org
Mon May 18 07:49:59 UTC 2015
On 17/05/15 20:13, Kurt Cancemi wrote:
> Hello,
>
> If anyone from the openssl dev team can answer this question about the
> openssl code:
>
> In ssl_lib.c in SSL_shutdown(), s->handshake_func is compared against
> 0 (inferring that s != NULL) and then there is a NULL check that (s
> != NULL) which the compiler optimizes out because (s) is inferred to
> not be NULL because of the check (s->handshake_func == 0).
>
> So is there supposed to be a NULL check before the check
> (s->handshake_func == 0) or no?
>
> Note: This behavior was changed in commit b31b04 in 1999.
IMO almost all SSL_* functions require that you pass a valid SSL object
otherwise you will probably get a crash. I see no reason why
SSL_shutdown() should be any different, therefore I'd say the NULL check
is superfluous.
Matt
More information about the openssl-dev
mailing list