These new implementations
- do several validity check on input parameters
- allow a bit larger variable names (127 bytes, aka sizeof(Proc.genbuf)-1)
- preserve nulls in the content (the original version used to replace
'\0' with ' '). I can't see why they did, actually.
See also http://marc.info/?l=9fans&m=148475801229908&w=2
Should also fix CID 155718
According to http://man.cat-v.org/9front/2/mp mptole either take p or pp:
> Mptobe and mptole convert an mpint to a byte array. The
> former creates a big endian representation, the latter a
> little endian one. If the destination buf is not nil, it
> specifies the buffer of length blen for the result. If the
> representation is less than blen bytes, the rest of the
> buffer is zero filled. **If buf is nil**, then a buffer is
> allocated and a pointer to it is deposited in the location
> pointed to by **bufp**. Sign is ignored in these conversions,
> i.e., the byte array version is always positive.
Assert accordingly.
As noted ty Cinap Lenrek Finished.n is only set by setVersion and can only
be either 0 before setVersion() as emalloc() zeros the TlsConnection struct
or SSL3FinishedLen/TLSFinishedLen after when we got the client/server hello.
Introducing FinishedLength enum we make the domain of the field explicit.
CID 49221 (#1 of 1): Identical code for different branches (IDENTICAL_BRANCHES)
identical_branches: The same code is executed when the condition p == NULL is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
In aesXCBCmac fix (potential) out of bound write in padding.
CID 155904 (#1 of 1): Out-of-bounds write (OVERRUN)
7. overrun-local: Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer p2++.
CID 155471 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)67.
buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array envcopy of size 256 bytes might leave the destination string unterminated.
CID 155910 (#1 of 1): Out-of-bounds access (OVERRUN)1.
overrun-buffer-val: Overrunning buffer pointed to by key of 7 bytes by passing it to a function which accesses it at byte offset 63.
Giacomo Tesio