Date: Fri, 11 Sep 2015 12:38:00 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: auditing our use of FMT_* flags Jim, On Thu, Sep 10, 2015 at 04:00:03PM -0500, JimF wrote: > On 9/10/2015 3:47 PM, Solar Designer wrote: > >Why isn't AFS on the list, though? Is it because I've just patched it? > >Or is it because your test failed to detect it as buggy? (Kai's did.) > > My test did not catch it, because my test does not give a crap about the > flag. Everything in taht format 'was' correct, except the flag was > missing. My method actually 'tests' the bug. I disagree that everything in AFS except the flag was correct. AFS uses hex-encoded strings. Until my fix yesterday, AFS accepted arbitrary and mixed-case hex encodings. It uses fmt_default_split(). I think your test, as you describe it, should have caught the AFS bug. That it did not tells me that there's probably a bug in your test that you'd want to identify. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.