Bobby Krupczak wrote:
1) In bn_rand.c add at line 141: memset(buf, 0, bytes); =20
buf = (unsigned char *)OPENSSL_malloc(bytes);
if (buf == NULL)
{
BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
goto err;
}
memset(buf, 0, bytes);
2) bn_mont.c: Initialize tmod variable declared at line 392
memset(&tmod, 0, sizeof(tmod));
Maybe these two items are genuine bugs ? If some code should be using
calloc() instead of malloc() in the first case ?
You have have any simple code that exposes those bugs, simply meaning
just a page of code that when run under valgrind exposes uninit'ed data
is being used (even after a -DPURIFY version of OpenSSL is used).
Darryl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
