Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 03 Apr 2019 23:47:35 +0300
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: ldr_split_line() performance regression

Solar Designer <solar@...nwall.com> writes:
> On Wed, Sep 16, 2015 at 02:02:34PM -0500, jfoug wrote:
>> 
>> On 9/16/2015 1:52 PM, Solar Designer wrote:
>> >strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {
>> 
>> These should be reversed, since strncmp should short circuit out much 
>> earlier than the length check.  Also, checking for a '$' char even 
>> before a strncpy (or even '$' and 'd') would be smart,
>
> Good catch.  I suggest we do:
>
>         if (((*login)[0] == '+' && (!(*login)[1] || (*login)[1] == '@')) &&
>             (*ciphertext)[0] != '$' &&
>             strlen(*ciphertext) < 10 && strncmp(*ciphertext, "$dummy$", 7)) {

If  (*ciphertext)[0] != '$'  condition is true, then
strncmp(*ciphertext, "$dummy$", 7) != 0  condition is true too.

So it seems there was a mistake in evolution of the check.

Thanks!

--
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.