Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 4 Aug 2011 16:12:29 +0400
From: Solar Designer <>
Subject: Re: New daily reports

On Thu, Aug 04, 2011 at 02:01:09PM +0200, Luka Mar??eti?? wrote:
> On 08/04/2011 01:54 PM, Solar Designer wrote:
> >I am tempted to propose something not on the original list, such as
> >testing of ctype macros and locales, or looking for functions that make
> >variable size allocations on the stack (may be tricked into overwriting
> >another thread's stack or the heap), but I realize that you have more
> >than enough tasks already.
> Wouldn't (parts of) those be tasks 0 and 7 respectively (coincidentally, 
> the two tasks that were next on my to-do list after the generator)?

I'm afraid that testing of ctype macros and locales for proper operation
and for some peculiar properties (behavior on negative ints, etc.) is
not on the list currently on the wiki, even though I would have liked
such testing to be done eventually.

Task 0 ("Base definition tests") would include making sure that ctype
macros are defined correctly, but not that they work correctly.  Or at
least that's how I read Rich's description of this task.  Rich?

Task 7 ("Functions which manipulate temp copies of an argument string")
would in fact cover the alloca() issue I referred to above.  In glibc,
crypt() and crypt_r() suffer from this problem when the password string
is not 32- or 64-bit aligned (depending on hash type) and the salt
string requests MD5-crypt or one of the SHA-crypt flavors.  (The copying
is performed to have the data aligned for word-sized accesses by the
crypto code.  So it is skipped when the string happens to be already


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.