Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 16 Sep 2015 23:03:43 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: ldr_split_line() performance regression

On Wed, Sep 16, 2015 at 02:02:34PM -0500, jfoug wrote:
> 
> On 9/16/2015 1:52 PM, Solar Designer wrote:
> >strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {
> 
> These should be reversed, since strncmp should short circuit out much 
> earlier than the length check.  Also, checking for a '$' char even 
> before a strncpy (or even '$' and 'd') would be smart,

Good catch.  I suggest we do:

        if (((*login)[0] == '+' && (!(*login)[1] || (*login)[1] == '@')) &&
            (*ciphertext)[0] != '$' &&
            strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {

> as would checking the 6 byte string "dummy$' from offset 1.

I'm not sure if it's worth it, and it won't matter for the current
testcase anyway. ;-)

We could also use strnlen() there, if we depend on it elsewhere in the
jumbo tree anyway.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.