[Bug 228712] Re: Feature request: add patch to enable crypted passwords
Philipp Kaluza
pixelpapst at users.sourceforge.net
Sat May 10 15:21:12 BST 2008
notes to self and others reviewing this patch (sasl package guru ?):
* the strncmp's around line 62 in the patch might as well use pass_format_str instead of p
* the hardcoded 11 there bothers me
* strcasecmp ?
* this part in _sasl_get_salt is partially redundant:
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
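Review bot: The ternary on the last line tests src[1] == '2' again although the enclosing else if has already established it, so the condition reduces to src[2] == 'a'. Suggest writing it as `num = (src[2] == 'a') ? 17 : 16;` and adding a short comment on what the lengths 17 and 16 stand for, since these lines leave both literals unexplained.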
* _sasl_get_salt returns 1 regardless of whether or not dest (&salt) was written to, and the return value is never checked
this is probably not exploitable, but non-nice
* I don't grok exactly how auxprop_values[...] is structured, but the patch seems to do sensible things with it :)
other than the above, seems fine to me.
--
Feature request: add patch to enable crypted passwords
https://bugs.launchpad.net/bugs/228712
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cyrus-sasl2 in ubuntu.