[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug
Salz, Rich
rsalz at akamai.com
Mon Jun 20 21:12:28 UTC 2016
> Defensive programming is about handling gracefully the cases when the
> user/caller does something he “is not supposed to do”.
There is a limit.
Should we return an error code that will most likely be ignored?
Should the C library be defensive about fprintf, strcpy, etc., etc.?
> Software that relies on its users doing only the right things…? Really?
OpenSSL *is not* going to check for NULL parameters where you don't supply them. It never has (not universally) and it never will. If you want another language... :)