From: Steve G <lin...@ya...> - 2003-05-23 16:57:39
>This is a known problem in openssl. It uses uninitialized
>data to generate random numbers.

Right, but is that a transferable property? I think this is something different. The call chain I posted is the RC4_key_set call. Before I sent the original e-mail, I traced through all the ssl calls with ddd. The code in ssleay_rand_bytes adds a number to each byte in the array. Valgrind complains about this since the bytes are being used uninitialized...however, the buffer has been written to. Every single byte has changed.

I guess this illustrates the problem:

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        char buf1[20], buf2[20];

        memcpy(buf1, buf2, 20); /* buf2 is never written before this copy */
        puts(buf1);
    }

Every single byte in buf1 has been written to. Is buf1 considered uninitialized in the call to puts? Shouldn't the memcpy actually be the error?

Everything I see output from the simplified program above

-Steve Grubb
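A simplified model of the definedness tracking the message asks about, as an added example that is not part of the original message and is not Valgrind's or OpenSSL's code. It assumes one defined/undefined flag per byte (Memcheck tracks this per bit) and counts a report only where a value-dependent read happens; the struct and the t_* and scenario_* names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#define N 20

/* Toy model: one shadow flag per data byte (1 = defined, 0 = undefined). */
struct tracked { unsigned char data[N]; unsigned char defined[N]; };

/* Fresh stack buffer: arbitrary contents, every byte marked undefined. */
void t_alloc(struct tracked *b) {
    memset(b->data, 0xAA, N);      /* constructed stand-in for stack garbage */
    memset(b->defined, 0, N);
}
/* Fill with known values plus a terminating NUL: every byte becomes defined. */
void t_fill(struct tracked *b, unsigned char v) {
    memset(b->data, v, N); b->data[N - 1] = 0;
    memset(b->defined, 1, N);
}
/* Copying moves the flags along with the data and reports nothing. */
void t_memcpy(struct tracked *dst, const struct tracked *src) { *dst = *src; }

/* Adding a constant rewrites every byte, but a sum with an undefined
   operand is itself undefined, so the flags stay as they were. */
void t_add_each(struct tracked *b, unsigned char k) {
    for (int i = 0; i < N; i++) b->data[i] = (unsigned char)(b->data[i] + k);
}
/* A use that depends on the values (like puts scanning for NUL):
   returns how many undefined bytes it had to read. */
int t_use(const struct tracked *b) {
    int bad = 0;
    for (int i = 0; i < N; i++) bad += !b->defined[i];
    return bad;
}
/* Steps from the message: copy from a never-written buffer, add, then use. */
int scenario_uninit(void) {
    struct tracked buf1, buf2;
    t_alloc(&buf1); t_alloc(&buf2);
    t_memcpy(&buf1, &buf2);
    t_add_each(&buf1, 7);
    return t_use(&buf1);
}
/* Same copy, but the source was given real contents first. */
int scenario_init(void) {
    struct tracked buf1, buf2;
    t_alloc(&buf1); t_fill(&buf2, 'a');
    t_memcpy(&buf1, &buf2);
    return t_use(&buf1);
}
int main(void) {
    printf("uninit source: %d undefined bytes at use\n", scenario_uninit());
    printf("init source:   %d undefined bytes at use\n", scenario_init());
}
```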