Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Sep 2015 18:48:11 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Jim,

On Fri, Sep 11, 2015 at 08:42:37AM -0500, JimF wrote:
> There was a split() in the jumbo version where the return of split was 
> strlwr()   At least that was there by the time I got my searching 
> function completed.

The only strlwr() in AFS_fmt.c is in salt(), both in core and in jumbo,
including in revisions from a few days ago.

I continue to think there's something wrong in your test that caused it
not to catch this bug.  It should have.

Alexander

P.S. You might want to avoid top-posting.  We're asking new contributors
to quote properly, and we shouldn't be sloppy about it ourselves.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ