Wan-Teh Chang wrote, On 2008-01-02 18:10: > On return, > you need to check that SSL_GetChannelInfo returned SECSuccess > and that the length field is <= sizeof(SSLChannelInfo) (the size of > SSLChannelInfo when you compiled your code) before you can use > the value of any other field.
Why do you say that? I don't believe there's any need to check that the returned length field value is <= the caller's expected size. > If the length field is strictly < sizeof(SSLChannelInfo), > you can only use the field at offset <= that length. True. That would be a case of a caller compiled with a newer version of NSS but running with and older version of NSS shared libraries than the version with which it was compiled. If the function returns less data than the caller was expected, the caller should not rely on the parts that weren't filled in. :) /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
