Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Various error-handling fixes #1424

Closed
wants to merge 2 commits into from
Closed

Conversation

davidben
Copy link
Contributor

No description provided.

Rather than making assumptions about the values, use a switch-case.
ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.

Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.
@mention-bot
Copy link

@davidben, thanks for your PR! By analyzing the history of the files in this pull request, we identified @bagder, @captain-caveman2k and @petrpisaratlascz to be potential reviewers.

@bagder bagder added the TLS label Apr 17, 2017
@bagder bagder closed this in 47b2f89 Apr 17, 2017
bagder pushed a commit that referenced this pull request Apr 17, 2017
ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.

Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.

Closes #1424
@bagder
Copy link
Member

bagder commented Apr 17, 2017

thanks!

@lock lock bot locked as resolved and limited conversation to collaborators May 21, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Development

Successfully merging this pull request may close these issues.

3 participants