[openssl-dev] [openssl.org #4579] Bug - libcrypto.a null pointer dereference bug
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Mon Jun 20 21:27:17 UTC 2016
On 6/20/16, 17:12 , "openssl-dev on behalf of Salz, Rich"
<openssl-dev-bounces at openssl.org on behalf of rsalz at akamai.com> wrote:
>> Defensive programming is about handling gracefully the cases when the
>> user/caller does something he “is not supposed to do”.
>
>There is a limit.
True.
>Should we return an error code that will most likely be ignored?
Yes, as long as you don’t crash...
>Should the C library be defensive about fprintf, strcpy, etc., etc.?
Heck, yes! There are reasons why sane programmers don’t use strcpy()
nowadays. ;)
>>Software that relies on its users doing only the right things…? Really?
>
>OpenSSL *is not* going to check for NULL parameters where you don't
>supply them.
Is the interface partitioned that well? Perhaps it’s my ignorance, but I
didn’t think so.
>It never has (not universally) and it never will. If you want another
>language... .:)
;-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5227 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160620/bb7cc7c0/attachment.bin>
More information about the openssl-dev
mailing list