Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150911093800.GA14815@openwall.com>
Date: Fri, 11 Sep 2015 12:38:00 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Jim,

On Thu, Sep 10, 2015 at 04:00:03PM -0500, JimF wrote:
> On 9/10/2015 3:47 PM, Solar Designer wrote:
> >Why isn't AFS on the list, though?  Is it because I've just patched it?
> >Or is it because your test failed to detect it as buggy?  (Kai's did.)
> 
> My test did not catch it, because my test does not give a crap about the 
> flag.  Everything in taht format 'was' correct, except the flag was 
> missing.  My method actually 'tests' the bug.

I disagree that everything in AFS except the flag was correct.  AFS uses
hex-encoded strings.  Until my fix yesterday, AFS accepted arbitrary and
mixed-case hex encodings.  It uses fmt_default_split().

I think your test, as you describe it, should have caught the AFS bug.
That it did not tells me that there's probably a bug in your test that
you'd want to identify.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.