Date: Fri, 11 Sep 2015 12:38:00 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Jim,

On Thu, Sep 10, 2015 at 04:00:03PM -0500, JimF wrote:
> On 9/10/2015 3:47 PM, Solar Designer wrote:
> >Why isn't AFS on the list, though?  Is it because I've just patched it?
> >Or is it because your test failed to detect it as buggy?  (Kai's did.)
> 
> My test did not catch it, because my test does not give a crap about the 
> flag.  Everything in that format 'was' correct, except the flag was 
> missing.  My method actually 'tests' the bug.

I disagree that everything in AFS except the flag was correct.  AFS uses
hex-encoded strings.  Until my fix yesterday, AFS accepted arbitrary and
mixed-case hex encodings.  It uses fmt_default_split().

I think your test, as you describe it, should have caught the AFS bug.
That it did not tells me that there's probably a bug in your test that
you'd want to identify.

Alexander
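
The kind of check under discussion, as an added example that is not part of the original message or of John the Ripper's source: it flags a format whose valid() accepts mixed-case hex while its split() leaves the two spellings as distinct canonical strings. All function names, the 16-digit length and the sample ciphertext are constructed for illustration; `split_passthrough` only stands in for a default split that returns its input unchanged.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HEX_LEN 16 /* constructed length, not the real AFS layout */
typedef const char *(*split_fn)(const char *ct, char *out, size_t outsz);

/* Lax valid(): exactly HEX_LEN hex digits, upper or lower case. */
static int valid_any_case(const char *ct)
{
    return strlen(ct) == HEX_LEN &&
           strspn(ct, "0123456789abcdefABCDEF") == HEX_LEN;
}

/* Stand-in for a default split(): hands the input back unchanged. */
static const char *split_passthrough(const char *ct, char *out, size_t outsz)
{
    snprintf(out, outsz, "%s", ct);
    return out;
}

/* Case-unifying split(): the canonical form is lowercase hex. */
static const char *split_lowercase(const char *ct, char *out, size_t outsz)
{
    size_t i;
    for (i = 0; ct[i] && i + 1 < outsz; i++)
        out[i] = (char)tolower((unsigned char)ct[i]);
    out[i] = '\0';
    return out;
}

/* 1 if valid() accepts a case-flipped copy of ct that split() keeps distinct. */
static int case_bug(split_fn split, const char *ct)
{
    char flipped[64], a[64], b[64];
    size_t i;
    snprintf(flipped, sizeof flipped, "%s", ct);
    for (i = 0; flipped[i]; i++)
        if (isalpha((unsigned char)flipped[i]))
            flipped[i] ^= 0x20; /* flip ASCII letter case */
    return valid_any_case(ct) && valid_any_case(flipped) &&
           strcmp(split(ct, a, sizeof a), split(flipped, b, sizeof b)) != 0;
}

int main(void)
{
    const char *ct = "0123abCDef456789"; /* constructed sample */
    printf("passthrough=%d lowercase=%d\n",
           case_bug(split_passthrough, ct), case_bug(split_lowercase, ct));
    return 0;
}
```

A check of this shape exercises the behaviour itself rather than inspecting the format's flags, which is the distinction the two posters are arguing over.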
