Browse Source
Originally, the only OpenSSL API to stringify errors was: char *ERR_error_string(unsigned long e, char *buf); This API leaves callers a choice to either be thread unsafe (buf = NULL) or pass in a buffer with unknown size. Indeed the original implementation was just a bunch of unchecked sprintfs with, in the buf = NULL case, a static 256-byte buffer.kris/onging/CECPQ3_patch15388f2f56f2/crypto/err/err.c (L374)Then ERR_error_string was documented that the buffer must be size 120. Nowhere in the code was 120 significant. I expect OpenSSL just made up a number.388f2f56f2Then upstream added the ERR_error_string_n API. Although the documentation stated 120 bytes, the internal buffer was 256, so the code actually translates ERR_error_string to ERR_error_string_n(e, buf, 256), not ERR_error_string_n(e, buf, 120)!e5c84d5152So the documentation was wrong all this time! OpenSSL 1.1.0 corrected the documentation to 256, but, alas, a lot of code used the documentation and sized the buffer at 120. We should fix all ERR_error_string callers to ERR_error_string_n but, in the meantime, using 120 is probably less effort. Note this also affects ERR_print_errors_cb right now. We don't have function codes, so 120 bytes leaves 60 bytes for the reason code. Our longest one, TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST is 46 bytes, so it's a little tight, but, if needed, we can recover 20-ish bytes by shrinking the library names. We can also always make ERR_print_errors_cb use a larger buffer. Change-Id: I472a1a802f2e6281cc7515d2a452208d6bac1200 Reviewed-on: https://boringssl-review.googlesource.com/24184 Reviewed-by: Adam Langley <agl@google.com>
David Benjamin
6 years ago
committed by
Adam Langley
Adam Langley