Date: Tue, 14 Aug 2012 13:42:57 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Serious bug in -fixes and all other branches

I have made these changes to dynamic:

In valid(), I have removed the HEX_valid calls, and that function has been removed from the source file, since it was only used in valid().

In valid, at the top, I strstr for $HEX$ and if found, I copy the ciphertext to a temp buffer, call RemoveHEX() to totally strip out all hex items, and then use that buffer for the rest of valid. To do this, I also had to move RemoveHEX up above valid().

I think this fixes all issues. Loader.c is left alone. We 'still' need to call the function to 're' HEX lines before being dumped out to the .pot file, however.

But now, split, prepare and valid all properly remove any HEX that is there. It is likely that the split functions are not needed to do this, but no harm is done by having the code there; it can only be removed once. So internally, there is no $HEX$ data. Externally we 'write' using $HEX$ when needed, and can read $HEX$ and remove it properly from input files, and from .pot files. I believe this should put this issue to bed.

The hard part is that this is in valid, which is a function that has a different signature between J6-fixes, jumbo and bleeding. Magnum, how would you like me to proceed on bringing this patch forward?

>From: magnum [mailto:john.magnum@...hmail.com]
>
>I now rolled it back (*only* the ldr_load_pot_line() changes, nothing
>else, even in loader.c) in all branches.
