[openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init
Salz, Rich
rsalz at akamai.com
Thu Oct 15 13:35:28 UTC 2015
> PACKET_buf_init. This code can assume that |len| is from a trusted source.
>
> The purpose of the sanity check is not then for security, but to guard against
> programmer error. For a correctly functioning program this test should never
> fail.
I would say that the combination of these two things means that it should be an assert.
More information about the openssl-dev
mailing list