john-dev - Re: ldr_split_line() performance regression

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 16 Sep 2015 23:03:43 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: ldr_split_line() performance regression

On Wed, Sep 16, 2015 at 02:02:34PM -0500, jfoug wrote:
> 
> On 9/16/2015 1:52 PM, Solar Designer wrote:
> >strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {
> 
> These should be reversed, since strncmp should short circuit out much 
> earlier than the length check.  Also, checking for a '$' char even 
> before a strncpy (or even '$' and 'd') would be smart,

Good catch.  I suggest we do:

        if (((*login)[0] == '+' && (!(*login)[1] || (*login)[1] == '@')) &&
            (*ciphertext)[0] != '$' &&
            strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {

> as would checking the 6 byte string "dummy$' from offset 1.

I'm not sure if it's worth it, and it won't matter for the current
testcase anyway. ;-)

We could also use strnlen() there, if we depend on it elsewhere in the
jumbo tree anyway.

Alexander

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.