Date: Sat, 22 Aug 2015 04:20:34 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: The cmp_all() of cq

Kai,

On Sat, Aug 22, 2015 at 04:16:20AM +0300, Solar Designer wrote:
> Clearly, your aggressive (even if not entirely correct) testing of
> cmp_all() has already uncovered two bugs that we otherwise might have
> missed.  So maybe continuing to print warnings about cmp_all() is OK,
> and we'd need to add a whitelist of formats for which we'd mute those
> warnings (upon checking that their cmp_all() is highly prone to false
> positives on purpose).

In fact, if you keep it aggressive, it makes sense to make it even more
so: print a warning if _any_ one (or more) of cmp_all(), cmp_one(), or
cmp_exact() reports a possible match when no match is expected.  For
cmp_exact() this would be a fatal error (test failed) unless
FMT_NOT_EXACT is set, but for cmp_all() or cmp_one() merely a warning,
which might be a false positive (yet should be printed).

Alexander
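
A sketch of the negative-test policy discussed in this message, added as an example; it is not code from John the Ripper or from the message's author. The struct toy_fmt, its simplified method signatures, the whitelist field, the sample data and the numeric value of FMT_NOT_EXACT are assumptions made for illustration, as is the choice to downgrade a cmp_exact() hit to a warning when FMT_NOT_EXACT is set.

```c
#include <stdio.h>
#include <string.h>

#define FMT_NOT_EXACT 0x00000100 /* flag named in the message; value assumed here */
enum neg_result { NEG_OK, NEG_WARN, NEG_FAIL };

/* Hypothetical, simplified stand-in for a format's three comparison methods. */
struct toy_fmt {
    unsigned flags;
    int cmp_all_whitelisted; /* cmp_all() is loose on purpose: mute its warning */
    int (*cmp_all)(const unsigned char *binary, int count);
    int (*cmp_one)(const unsigned char *binary, int index);
    int (*cmp_exact)(const unsigned char *binary, int index);
};

/* Constructed sample data: two "computed hashes" of 4 bytes each. */
static const unsigned char computed[2][4] = {{0xde, 0xad, 0xbe, 0xef}, {1, 2, 3, 4}};

static int loose_all(const unsigned char *b, int count) { /* first byte only */
    for (int i = 0; i < count; i++) if (computed[i][0] == b[0]) return 1;
    return 0;
}
static int loose_one(const unsigned char *b, int i) { return computed[i][0] == b[0]; }
static int full_cmp(const unsigned char *b, int i) { return !memcmp(computed[i], b, 4); }
static int always_match(const unsigned char *b, int i) { (void)b; (void)i; return 1; }

/* Negative test: the caller guarantees binary matches none of the computed hashes. */
enum neg_result neg_test(const struct toy_fmt *f, const unsigned char *binary, int count) {
    enum neg_result r = NEG_OK;
    if (f->cmp_all(binary, count) && !f->cmp_all_whitelisted) r = NEG_WARN;
    for (int i = 0; i < count; i++) {
        if (f->cmp_one(binary, i)) r = NEG_WARN; /* may be a false positive */
        if (f->cmp_exact(binary, i)) {
            if (!(f->flags & FMT_NOT_EXACT)) return NEG_FAIL; /* test failed */
            r = NEG_WARN; /* assumption: inexact formats only warn */
        }
    }
    return r;
}

int main(void) {
    const unsigned char near_miss[4] = {0xde, 0, 0, 0}; /* shares one byte only */
    struct toy_fmt loose = {0, 0, loose_all, loose_one, full_cmp};
    struct toy_fmt broken = {0, 0, loose_all, loose_one, always_match};
    static const char *name[] = {"ok", "warning", "FAILED"};
    printf("loose: %s\n", name[neg_test(&loose, near_miss, 2)]);
    printf("broken cmp_exact: %s\n", name[neg_test(&broken, near_miss, 2)]);
    return 0;
}
```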
