Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 2 May 2012 08:16:00 +0400
From: Solar Designer <solar@...nwall.com>
To: passwdqc-users@...ts.openwall.com
Subject: Re: Patch for crypt() possible returning NULL

Hi Paul,

On Mon, Apr 23, 2012 at 02:23:52PM -0400, Paul Wouters wrote:
> crypt() can return NULL, but the passwdqc code assumes it always
> returns a valid pointer.

Yes, thanks!  I am now planning to go over the entire Owl "native" tree,
including passwdqc and more, and patch these crypt() NULL return issues.
I did remember about that issue in popa3d code, but not in passwdqc - so
thank you for the reminder!

FWIW, I posted some thoughts on the general issue here:

http://www.openwall.com/lists/oss-security/2012/03/30/18

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ