Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Conficker scanning with nmap

From: Lionel Cons <lionel.cons () cern ch>
Date: Thu, 2 Apr 2009 10:28:14 +0200
David Fifield <david () bamsoftware com> writes:

I think we should just avoid calling EVP_EncryptUpdate when data_len == 0.


I fully support this. Nmap (including the OpenSSL LUA library) should
not crash so easily. The comment associated with the OpenSSL patch is
very relevant:

  Check-in [17371]: Don't use assertions to check application-provided
  arguments; and don't unnecessarily fail on input size 0.

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: