[124334] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: [ROS] The perils of security tools

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri May 23 18:57:21 2008

From: Florian Weimer <fw@deneb.enyo.de>
To: Ben Laurie <ben@links.org>
Cc: "Jonathan S. Shapiro" <shap@eros-os.com>,  Robust Open Source <open-source@csl.sri.com>,  Cryptography <cryptography@metzdowd.com>
Date: Fri, 23 May 2008 23:49:01 +0200
In-Reply-To: <482AB21E.7080000@links.org> (Ben Laurie's message of "Wed, 14
	May 2008 10:34:22 +0100")

* Ben Laurie:

> Jonathan S. Shapiro wrote:
>> Ben: I'm idly curious. Was this exceptionally unusual case where use of
>> uninitialized memory was valid properly commented in the code?

It's mentioned in the manpage for a function that eventually calls the
function that was (correctly) patched--through a function pointer.  The
incorrectly patched function looks somewhat parallel, but it's not.

There is no local comment in the source code for this particular case of
uninitialized memory access.

> Well. Kinda. It didn't really explain why:
>
> 		i=fread(buf,1,n,in);
> 		if (i <= 0) break;
> 		/* even if n != i, use the full array */
> 		RAND_add(buf,n,(double)i);
>
> There is in theory a second place where it might used an uninitialised
> buffer, but I think in practice that never happens.

AFAIK, this piece of code is not really related and rarely used outside
OpenSSL itself.  And in the OpenSSL case, the fread call always
overwrites the whole buffer, it seems.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post