Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 6 Jul 2012 12:29:02 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: KRB4: fix memset in afs_cmu_StringToKey()

On 07/06/2012 12:23 PM, Frank Dittrich wrote:
> May be the memset is superfluous, because further down the code, there's
> a strncpy with length 8.
> 
> The man page says:
> If the length of src is less than n, strncpy() pads the remainder of
> dest with null bytes.
> 
> So we should instead just remove the memset.

We can "optimize" even more.

Due to this code:

    for (i=0; i<8; i++)
        if (password[i] == '\0') password[i] = 'X';

the first 8 bytes cannot contain '\0', so we can even replace strncpy
with memcpy.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.