[openssl-dev] [openssl.org #4227] openssl rand 10000000000 does not produce 10000000000 random bytes

[Salz, Rich via RT]

> I am a bit worried when I see C-beginner mistakes like this in a security suite:
> When using sscanf on data you have not produced yourself, you should
> always assume they will be bigger that your largest buffer/variable and deal
> correctly with that.

That's a bit of an exaggeration here.  It's not network data coming in from somewhere else, it's a number typed on the command line in a local program.