Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-22 Thread Bob Beck
Thanks ted. now I don't have to do it :) Send more diffs Dirk :) On Tue, Apr 22, 2014 at 2:38 PM, Ted Unangst wrote: > On Mon, Apr 21, 2014 at 05:37, Dirk Engling wrote: >> On 21.04.14 04:56, Ted Unangst wrote: >> >>> Also, can you include diffs inline please? One diff per email. Maybe >>> just

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-22 Thread Ted Unangst
On Mon, Apr 21, 2014 at 05:37, Dirk Engling wrote: > On 21.04.14 04:56, Ted Unangst wrote: > >> Also, can you include diffs inline please? One diff per email. Maybe >> just one or two emails to start, then try sending the rest after we >> see how that goes? > > fix double free in d2i_ASN1_bytes b

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-22 Thread Bob Beck
Post diffs one per message per "thing you're trying to do" - example "fix leak in foo.c" - etc. You may have slow replies for a few days, people are travelling On Tue, Apr 22, 2014 at 12:12 PM, Dirk Engling wrote: > On 22.04.14 19:16, Bob Beck wrote: > >> I'll take a look at this when I get ho

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-22 Thread Dirk Engling
On 22.04.14 19:16, Bob Beck wrote: > I'll take a look at this when I get home, and either apply your fix or > disentangle this in a hopefully more obvious way. How shall I proceed with the other fixes? Just bundle them as diffs against the current revision an put them on the list as new threads?

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-22 Thread Bob Beck
My bad Dirk - you're right with that one. I'll take a look at this when I get home, and either apply your fix or disentangle this in a hopefully more obvious way. On Mon, Apr 21, 2014 at 1:53 PM, Dirk Engling wrote: > On 21.04.14 19:01, Bob Beck wrote: > >> Not quite, because now you avoid the p

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-21 Thread Dirk Engling
On 21.04.14 19:01, Bob Beck wrote: > Not quite, because now you avoid the potential double free and instead leak > ret itself because of how ASN1_STRING_free works.. You need to > do this slightly differently. I disagree: err: if ((ret != NULL) && ((a == NULL) || (*a != ret)))

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-21 Thread Bob Beck
Not quite, because now you avoid the potential double free and instead leak ret itself because of how ASN1_STRING_free works.. You need to do this slightly differently. On Sun, Apr 20, 2014 at 9:37 PM, Dirk Engling wrote: > On 21.04.14 04:56, Ted Unangst wrote: > >> Also, can you include diffs in

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Dirk Engling
On 21.04.14 04:56, Ted Unangst wrote: > Also, can you include diffs inline please? One diff per email. Maybe > just one or two emails to start, then try sending the rest after we > see how that goes? fix double free in d2i_ASN1_bytes by setting ret->data = NULL after free, before potential goto e

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Dirk Engling
On 21.04.14 04:56, Ted Unangst wrote: > Also, can you include diffs inline please? One diff per email. Maybe > just one or two emails to start, then try sending the rest after we > see how that goes? fix memory leak in a2i_ASN1_ENUMERATED, a2i_ASN1_STRING and a2i_ASN1_INTEGER, in case of of goto

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Ted Unangst
On Mon, Apr 21, 2014 at 04:43, Dirk Engling wrote: > On 21.04.14 01:13, Bob Beck wrote: > >> this list is for diffs. post them. keep them reviewable - of >> meaningful size and doing a certain thing. >> (as opposed to this diff changes 15 things.. ) > > Find attached my patches for some memory

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Dirk Engling
On 21.04.14 01:13, Bob Beck wrote: > this list is for diffs. post them. keep them reviewable - of > meaningful size and doing a certain thing. > (as opposed to this diff changes 15 things.. ) Find attached my patches for some memory leaks, use after frees and some minor house keeping as follows

Re: reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Bob Beck
On Sun, Apr 20, 2014 at 5:06 PM, Dirk Engling wrote: > Dear openbsd devs, > > I've just put on my rubber gloves to help with your heroic efforts on > OpenSSL. I started to dive into OpenSSL's ASN.1 implementation and now > wonder how to share my findings, patches and requests without spamming this

reviewing OpenSSL's lib/libssl/src/crypto/asn1

2014-04-20 Thread Dirk Engling
Dear openbsd devs, I've just put on my rubber gloves to help with your heroic efforts on OpenSSL. I started to dive into OpenSSL's ASN.1 implementation and now wonder how to share my findings, patches and requests without spamming this list. Also while scanning through the rest of libssl, I'