[gnutls-devel] GnuTLS | Should we check each argument of public gnutls functions to prevent crashes ? (#763)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed May 8 22:57:17 CEST 2019




Then let's reduce it to NULL value checks. I agree that it might be overwhelming to even address that for all gnutls functions. But in the long term, this might reduce maintenance: now a NULL pointer access that crashes an application within the library code will come up as issue "GnuTLS crashes at ...". With a proper check and an appropriate error return would make the application developer check his code before opening an issue against GnuTLS.

Suggestion:
We can simply make a table of lib/ files in this issue and slowly check each one. Nothing that has to be done within one day or one single MR. Whenever one file (all the functions) has been checked, we flag that file's table entry.

If you don't agree, please just close this issue. I'm also fine with keeping things as is.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/763#note_168082088
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190508/08546e0b/attachment.html>


More information about the Gnutls-devel mailing list