Re: Imminent bugfix release (1.97.1)

Mon, 09 Nov 2009 10:49:31 -0800 

On Tue, Nov 10, 2009 at 2:46 AM, Vladimir 'phcoder' Serbinenko
<[email protected]> wrote:
> Bean wrote:
>> On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan <[email protected]> wrote:
>>
>>> On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko 
>>> wrote:
>>>
>>>> Robert Millan wrote:
>>>>
>>>>> Actually, modern CPUs are very complex and the number of operations (or
>>>>> time taken by them) isn't easy to predict.
>>>>>
>>>>>
>>>>>
>>>> It's generally a good practice to do exactly same operations
>>>> independently of result just store the result in a separate variable
>>>> it's how RSA is correctly implemented
>>>>
>>>>   for (n = grub_strlen (s1); n >= 0; n--)
>>>>   {
>>>>     if (*s1 != *s2)
>>>>       ret |= 1;
>>>>     else
>>>>       ret |= 0;
>>>>
>>> Uhm I didn't check, but I'd suspect -Os would optimize this out.
>>>
>>> Anyhow, if we move the fixed time wait to the outer loop, it should no
>>> longer be a problem.
>>>
>>> We could also check the approach taken by e.g. su from coreutils.
>>>
>>
>> Hi,
>>
>> How about this one:
>>
>> int
>> grub_auth_strcmp (const char *s1, const char *s2)
>> {
>>   int result = 0;
>>
>>   for (; *s1 != 0; s1++, s2++)
>>     result += (*s1 != *s2);
>>
>>   return (result != 0);
>> }
>>
>>
>>
> Welcome to club: try it with
> "abc", "abcdef"
> They will match :(. Exactly the same problem as with my code but I like
> the approach. Perhaps:
>
> int
> grub_auth_strcmp (const char *s1, const char *s2)
> {
>  int result = 0;
>
>  for (; *s1 != 0; s1++, s2++)
>    result += (*s1 != *s2);
>
>  return !(result == 0 && *s2 == 0);
> }

Hi,

This one work:

int
auth_strcmp (const char *s1, const char *s2)
{
  int result = 0;

  while (1)
    {
      result += (*s1 != *s2);
      if (*s1 == 0)
        break;

      s1++;
      s2++;
    }

  return (result != 0);
}

The trick is to compare the ending '\0' as well, so that partial match
is not satisfied.

-- 
Bean

My repository: https://launchpad.net/burg
Document: https://help.ubuntu.com/community/Burg


_______________________________________________
Grub-devel mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to