[ROS] The perils of security tools

Florian Weimer fw at deneb.enyo.de
Fri May 23 17:49:01 EDT 2008


* Ben Laurie:

> Jonathan S. Shapiro wrote:
>> Ben: I'm idly curious. Was this exceptionally unusual case where use of
>> uninitialized memory was valid properly commented in the code?

It's mentioned in the manpage for a function that eventually calls the
function that was (correctly) patched--through a function pointer.  The
incorrectly patched function looks somewhat parallel, but it's not.

There is no local comment in the source code for this particular case of
uninitialized memory access.

> Well. Kinda. It didn't really explain why:
>
> 		i=fread(buf,1,n,in);
> 		if (i <= 0) break;
> 		/* even if n != i, use the full array */
> 		RAND_add(buf,n,(double)i);
>
> There is in theory a second place where it might use an uninitialised
> buffer, but I think in practice that never happens.

AFAIK, this piece of code is not really related and rarely used outside
OpenSSL itself.  And in the OpenSSL case, the fread call always
overwrites the whole buffer, it seems.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
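Added example, not part of the original post and not OpenSSL's code: it reproduces the shape of the quoted fread loop to show when handing the mixer all n bytes includes bytes fread() never wrote, and when it does not. CHUNK, SENTINEL, mix_stats, mix_file and make_input are hypothetical names, the pool-mixing call is replaced by a counter, and the sentinel fill is instrumentation added only to make untouched bytes visible.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 16        /* constructed chunk size for the demo */
#define SENTINEL 0xAA   /* marks bytes that fread() did not write */

struct mix_stats { size_t mixed; size_t stale; };

/* Read `in` in CHUNK-sized pieces. full_array != 0 follows the quoted loop
 * (all n bytes go to the mixer even if n != i); full_array == 0 passes only
 * the i bytes fread() returned. `stale` counts mixed bytes fread() never wrote. */
struct mix_stats mix_file(FILE *in, int full_array)
{
    unsigned char buf[CHUNK];
    struct mix_stats st = {0, 0};
    for (;;) {
        memset(buf, SENTINEL, sizeof buf);        /* instrumentation only */
        size_t i = fread(buf, 1, sizeof buf, in);
        if (i == 0) break;
        size_t len = full_array ? sizeof buf : i;
        st.mixed += len;          /* stand-in for a RAND_add(buf, len, ...) call */
        for (size_t k = i; k < len; k++)
            if (buf[k] == SENTINEL) st.stale++;
    }
    return st;
}

/* Constructed input: `len` zero bytes in a temporary file. */
FILE *make_input(size_t len)
{
    FILE *f = tmpfile();
    if (!f) return NULL;
    for (size_t k = 0; k < len; k++) fputc(0, f);
    rewind(f);
    return f;
}

int main(void)
{
    FILE *f = make_input(40);     /* 16 + 16 + 8: the last read is short */
    if (!f) return 1;
    struct mix_stats a = mix_file(f, 1);
    rewind(f);
    struct mix_stats b = mix_file(f, 0);
    printf("full array: mixed=%zu stale=%zu; read bytes only: mixed=%zu stale=%zu\n",
           a.mixed, a.stale, b.mixed, b.stale);
    return fclose(f);
}
```

With an input whose length is a multiple of the chunk size, every read fills the buffer and the two variants mix exactly the same bytes.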


