Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 06 Jul 2012 12:53:57 +0200
From: magnum <>
Subject: Re: KRB4: fix memset in afs_cmu_StringToKey()

On 2012-07-06 12:29, Frank Dittrich wrote:
> On 07/06/2012 12:23 PM, Frank Dittrich wrote:
>> May be the memset is superfluous, because further down the code, there's
>> a strncpy with length 8.
>> The man page says:
>> If the length of src is less than n, strncpy() pads the remainder of
>> dest with null bytes.
>> So we should instead just remove the memset.
> We can "optimize" even more.
> Due to this code:
>     for (i=0; i<8; i++)
>         if (password[i] == '\0') password[i] = 'X';
> the first 8 bytes cannot contain '\0', so we can even replace strncpy
> with memcpy.

Is it called from set_key() or is it inner loop even? If neither, I
think we can just leave it.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.