[Swan] programs/pluto/xauth.c - non-reentrant crypt issue
Paul Wouters
pwouters at redhat.com
Thu Mar 7 21:22:02 EET 2013
On Thu, 7 Mar 2013, Philippe Vouters wrote:
> Date: Thu, 7 Mar 2013 04:09:16
> From: Philippe Vouters <philippe.vouters at laposte.net>
> To: swan at lists.libreswan.org
> Subject: Re: [Swan] programs/pluto/xauth.c - non-reentrant crypt issue
>
> This code is even wrong as crypt may return NULL.
> It should read:
> if ( cp && strcmp(cp, szpass) == 0)
Applied. Thanks!
Kind of ironic, as I submitted a dozen patches for this to other
software in the last year when doing my FIPS work.
Paul
More information about the Swan
mailing list