[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes
Salz, Rich via RT
rt at openssl.org
Tue Jan 12 00:01:29 UTC 2016
> I am a bit worried when I see C-beginner mistakes like this in a security suite:
> When using sscanf on data you have not produced yourself, you should
> always assume they will be bigger than your largest buffer/variable and deal
> correctly with that.
That's a bit of an exaggeration here. It's not network data coming in from somewhere else, it's a number typed on the command line in a local program.
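
The following is an added example, not part of the original thread and not OpenSSL's code: one way to parse a byte count such as the `10000000000` from the report so that oversized or malformed input is rejected instead of being silently truncated. The function name `parse_byte_count` and its `max` parameter are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not OpenSSL code): parse a decimal byte count from a
 * command-line argument. Returns 0 on success, -1 on malformed or
 * out-of-range input; *out is written only on success. */
int parse_byte_count(const char *arg, unsigned long long max,
                     unsigned long long *out)
{
    char *end = NULL;
    unsigned long long v;

    /* strtoull accepts leading whitespace and a sign ("-1" wraps to a huge
     * value), so require the first character to be a digit. */
    if (arg == NULL || !isdigit((unsigned char)arg[0]))
        return -1;

    errno = 0;
    v = strtoull(arg, &end, 10);
    if (errno == ERANGE)      /* value does not fit in unsigned long long */
        return -1;
    if (*end != '\0')         /* trailing junk such as "10k" */
        return -1;
    if (v > max)              /* caller-imposed upper bound */
        return -1;

    *out = v;
    return 0;
}

int main(int argc, char **argv)
{
    /* Default is the value from the report's subject line. */
    const char *arg = argc > 1 ? argv[1] : "10000000000";
    unsigned long long n;

    if (parse_byte_count(arg, ULLONG_MAX, &n) != 0) {
        fprintf(stderr, "invalid byte count: %s\n", arg);
        return 1;
    }
    printf("would generate %llu bytes\n", n);
    return 0;
}
```

Passing `INT_MAX` as `max` makes the same helper refuse any count that a later `int`-typed variable could not hold.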