Re: ...memory constraints... ...70 full copies of 4 different OpenSSL versions...
Funniest thing is, if they only wrote
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) memcpy(dest, src, (destMax) < (count) ? (destMax) : (count))
Then they'd be at least immune to piss-poor stack overflow attacks, even if using plain libc.
Well, no ... Even if the codebase has been tested as it stands (which may be hopelessly optimistic) the values supplied for destMax in the calls have not been tested and may be meaningless. You still need at the very least to manually sanity-check the destMax value passed in every call, and then retest the whole codebase with the new macro.
... and that assumes that the code won't misbehave because you've truncated the result of a copy operation.
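To make the two objections in the reply concrete, here is an added example (not code from either poster) that uses the thread's SAFE_LIBRARY_memcpy macro verbatim in three situations: an honest destMax, a meaningless destMax, and an honest destMax whose silent truncation still leaves the program with a lie in its data. The helper names, the frame layout and the sample bytes are constructed for illustration; the final bounded_copy is one fail-closed alternative, not anything the thread proposes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The macro as posted in the thread: clamp the copy length to destMax. */
#define SAFE_LIBRARY_memcpy(dest, destMax, src, count) \
    memcpy(dest, src, (destMax) < (count) ? (destMax) : (count))

/* Case 1: destMax is honest (sizeof the real buffer), so the 32-byte
 * source is clamped to 16 bytes and the buffer is not overrun.
 * Returns the number of source bytes that actually landed in dest. */
size_t copy_with_honest_max(void)
{
    char dest[16];
    char src[32];
    memset(src, 'S', sizeof src);            /* constructed source data */
    memset(dest, 0, sizeof dest);
    SAFE_LIBRARY_memcpy(dest, sizeof dest, src, sizeof src);
    size_t n = 0;
    while (n < sizeof dest && dest[n] == 'S') n++;
    return n;                                /* 16 */
}

/* Case 2: destMax is meaningless (here a stale size that belongs to a
 * different, larger buffer).  The macro clamps to that value and writes
 * past the 16 bytes that are really dest.  To keep the demonstration
 * defined behaviour, dest sits at the front of a larger arena with a
 * canary region after it.  Returns 1 if the canary was clobbered. */
int copy_with_bogus_max(void)
{
    unsigned char arena[32];
    unsigned char *dest = arena;             /* the real buffer: 16 bytes */
    unsigned char *canary = arena + 16;      /* whatever lives after it */
    memset(arena, 0, sizeof arena);
    memset(canary, 0xAA, 16);

    size_t stale_dest_max = 32;              /* wrong: not this buffer's size */
    unsigned char src[32];
    memset(src, 'X', sizeof src);

    SAFE_LIBRARY_memcpy(dest, stale_dest_max, src, sizeof src);

    for (size_t i = 0; i < 16; i++)
        if (canary[i] != 0xAA) return 1;     /* overflowed past dest */
    return 0;
}

/* Case 3: destMax is honest, but silent truncation still corrupts state.
 * The producer writes a length-prefixed frame: it records the intended
 * length, then copies the payload with the clamping macro.  The frame now
 * claims 9 payload bytes but holds 8, and a consumer that trusts the
 * length reads the following field (tag) as payload.  Returns the byte
 * the consumer sees at payload index 8. */
struct frame {
    uint8_t len;          /* payload length as written by the producer */
    uint8_t payload[8];
    uint8_t tag;          /* unrelated field that follows in memory */
};

uint8_t truncated_frame_misparse(void)
{
    const uint8_t src[9] = {1, 2, 3, 4, 5, 6, 7, 8, 9};  /* constructed payload */
    struct frame f;
    memset(&f, 0, sizeof f);
    f.tag = 0x7F;

    f.len = (uint8_t)sizeof src;                           /* says 9 ... */
    SAFE_LIBRARY_memcpy(f.payload, sizeof f.payload, src, sizeof src); /* ... stores 8 */

    /* Consumer: walk f.len payload bytes through a byte view of the frame
     * (all members are uint8_t, so there is no padding). */
    const uint8_t *bytes = (const uint8_t *)&f;
    uint8_t last = 0;
    for (size_t i = 0; i < f.len && 1 + i < sizeof f; i++)
        last = bytes[1 + i];
    return last;                                           /* 0x7F: the tag, not src[8] */
}

/* Alternative to silent clamping: refuse the copy and tell the caller, so
 * the caller can fail closed instead of carrying on with truncated data.
 * Returns 0 on success, -1 if the source does not fit. */
int bounded_copy(void *dest, size_t dest_max, const void *src, size_t count)
{
    if (count > dest_max) return -1;
    memcpy(dest, src, count);
    return 0;
}
```

Case 2 is the reply's first point (the macro is only as good as the destMax each call site hands it), case 3 is the second (a clamped copy can leave a length field, terminator or checksum describing data that is not there). The canary in case 2 only makes the overrun visible; in real code the bytes after dest are a return address, a heap header or another object.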