On Tue, Nov 10, 2009 at 1:39 PM, Bean bean12...@gmail.com wrote:
On Tue, Nov 10, 2009 at 5:34 AM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
But now it has a technical problem: it may read post array definitions.
If any of post-array memory is MMIO or absent reading from it may
On Tue, Nov 10, 2009 at 4:28 PM, Bean bean12...@gmail.com wrote:
On Tue, Nov 10, 2009 at 1:39 PM, Bean bean12...@gmail.com wrote:
On Tue, Nov 10, 2009 at 5:34 AM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
But now it has a technical problem: it may read post array definitions.
If
On Tue, Nov 10, 2009 at 4:46 PM, Bean bean12...@gmail.com wrote:
Hi,
Just in case p2 is optimized out by gcc:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
{
char r1 = 0;
char r2 = 0;
char r3 = 0;
char *p1, *p2;
int
On Tue, Nov 10, 2009 at 4:52 PM, Bean bean12...@gmail.com wrote:
Hi,
Perhaps this one, it's more symmetrical:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
{
char r1 = 0;
char r2 = 0;
char r3 = 0;
char *p1, *p2;
int
Hi,
Oh, I just came up with a better way to do this:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
{
char r1 = 0;
char r2 = 0;
char *p;
int i, c;
p = &r1;
c = 0;
for (i = 0; i < sizeof (grub_password_t); i++, s1++, s2++)
{
Bean wrote:
Hi,
Oh, I just came up with a better way to do this:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const grub_password_t s2)
{
char r1 = 0;
char r2 = 0;
char *p;
int i, c;
p
On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas tho...@duboucher.eu wrote:
Bean wrote:
Hi,
Oh, I just came up with a better way to do this:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const
On Tue, Nov 10, 2009 at 8:25 AM, Duboucher Thomas tho...@duboucher.eu wrote:
Bean wrote:
Hi,
Oh, I just came up with a better way to do this:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const grub_password_t s1, const
richardvo...@gmail.com wrote:
for (it = retval = 0; it < PASSPHRASE_MAXSIZE; it++, input++, key++)
After changing the parameter type, those postincrements won't do what
you expect.
Damn examinations; I really need to sleep! =)
Bean wrote:
Hi,
My previous function ensures that execution time is the same
regardless of the input. Although it's not necessary, I guess it's a
nice feature to have. BTW, the simpler function does leak one piece of
information, the size of buffer
Duboucher Thomas wrote:
Bean wrote:
Hi,
My previous function ensures that execution time is the same
regardless of the input. Although it's not necessary, I guess it's a
nice feature to have. BTW, the simpler function does leak one piece of
information, the size of buffer as the execution
Bean wrote:
On Tue, Nov 10, 2009 at 10:25 PM, Duboucher Thomas tho...@duboucher.eu
wrote:
Bean wrote:
Hi,
Oh, I just came up with a better way to do this:
typedef char grub_password_t[1024];
int
grub_auth_strcmp (const
Vladimir 'phcoder' Serbinenko wrote:
With this change grub_auth_strcmp becomes a misnomer. I would prefer to
call it grub_auth_memcmp then. I'll also look into which other free
secure strcmp are available
Asking developers of projects
On Mon, Nov 9, 2009 at 9:04 AM, Robert Millan r...@aybabtu.com wrote:
A security problem [1] was found in our password-checking routines,
which affects GRUB 1.97. I'll be releasing 1.97.1 tomorrow.
Additionally, I cherry-picked fixes for a few problems that should
have made it to the
Bean wrote:
On Mon, Nov 9, 2009 at 9:04 AM, Robert Millan r...@aybabtu.com wrote:
A security problem [1] was found in our password-checking routines,
which affects GRUB 1.97. I'll be releasing 1.97.1 tomorrow.
Additionally, I cherry-picked fixes for a few problems that should
have made
On Sun, Nov 08, 2009 at 06:08:39PM -0800, Jordan Uggla wrote:
None of the .sh scripts ( autogen.sh and the scripts it uses ) are
executable; I needed to chmod 744 *.sh before I could run
./autogen.sh successfully. After doing that make failed with an error
in auth.c. This was with revision
On Mon, Nov 09, 2009 at 02:50:36PM +0100, Vladimir 'phcoder' Serbinenko wrote:
Actually, the function of grub_auth_strcmp puzzles me, why would it
need to wait 100 ms to return the result ?
10 ms actually. The goal is to take the same amount of time independently of
input values. But probably
Bean wrote:
On Mon, Nov 9, 2009 at 9:50 PM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
Bean wrote:
On Mon, Nov 9, 2009 at 9:04 AM, Robert Millan r...@aybabtu.com wrote:
A security problem [1] was found in our password-checking routines,
which affects GRUB 1.97.
Vladimir 'phcoder' Serbinenko wrote:
Bean wrote:
On Mon, Nov 9, 2009 at 9:50 PM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
Hi,
int
grub_auth_strcmp (const char *s1, const char *s2)
{
int ret;
grub_uint64_t end;
On Mon, Nov 09, 2009 at 06:46:16PM +0100, Duboucher Thomas wrote:
Ok, I typed this in a few minutes and I'm not confident either with
what I wrote; I would check that it works first. ;)
But the point here is that whatever the user gives as an input, it is
executed exactly n-th
Robert Millan wrote:
On Mon, Nov 09, 2009 at 06:46:16PM +0100, Duboucher Thomas wrote:
Ok, I typed this in a few minutes and I'm not confident either with
what I wrote; I would check that it works first. ;)
But the point here is that whatever the user gives as an input, it is
On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko wrote:
Robert Millan wrote:
Actually, modern CPUs are very complex and the number of operations (or
time taken by them) isn't easy to predict.
It's generally a good practice to do exactly same operations
On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan r...@aybabtu.com wrote:
On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko wrote:
Robert Millan wrote:
Actually, modern CPUs are very complex and the number of operations (or
time taken by them) isn't easy to predict.
Bean wrote:
On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan r...@aybabtu.com wrote:
On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko
wrote:
Robert Millan wrote:
Actually, modern CPUs are very complex and the number of operations (or
time taken by
On Tue, Nov 10, 2009 at 2:46 AM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
Bean wrote:
On Tue, Nov 10, 2009 at 2:25 AM, Robert Millan r...@aybabtu.com wrote:
On Mon, Nov 09, 2009 at 07:15:48PM +0100, Vladimir 'phcoder' Serbinenko
wrote:
Robert Millan wrote:
Actually, modern
Bean wrote:
Hi,
This one works:
int
auth_strcmp (const char *s1, const char *s2)
{
int result = 0;
while (1)
{
result += (*s1 != *s2);
if (*s1 == 0)
break;
s1++;
s2++;
}
return
Duboucher Thomas wrote:
Bean wrote:
Hi,
This one works:
int
auth_strcmp (const char *s1, const char *s2)
{
int result = 0;
while (1)
{
result += (*s1 != *s2);
if (*s1 == 0)
break;
s1++;
s2++;
}
return (result != 0);
On Mon, Nov 09, 2009 at 10:43:48PM +0100, Duboucher Thomas wrote:
Well, the only way to solve that problem would be IMHO to add a limit
to the size of s2, and use this maximum size as an end condition for the
'for' statement. Any better idea? :)
We have a maximum line read size anyway.
Robert Millan wrote:
On Mon, Nov 09, 2009 at 10:43:48PM +0100, Duboucher Thomas wrote:
Well, the only way to solve that problem would be IMHO to add a limit
to the size of s2, and use this maximum size as an end condition for the
'for'
Duboucher Thomas wrote:
Robert Millan wrote:
On Mon, Nov 09, 2009 at 10:43:48PM +0100, Duboucher Thomas wrote:
Well, the only way to solve that problem would be IMHO to add a limit
to the size of s2, and use this maximum size as
On Mon, Nov 9, 2009 at 4:46 PM, Duboucher Thomas tho...@duboucher.eu wrote:
Robert Millan wrote:
On Mon, Nov 09, 2009 at 10:43:48PM +0100, Duboucher Thomas wrote:
Well, the only way to solve that problem would be IMHO to add a limit
to
Hello,
I'd be concerned about (s1 != s2). Depending on how efficiently this
compiles, could not branch prediction make this faster for match vs. not
match, etc.? I'd be worried about all the ways (and future ways) compilers
might help us and introduce time differences.
I was avoiding
richardvo...@gmail.com wrote:
Hello,
I'd be concerned about (s1 != s2). Depending on how efficiently this
compiles, could not branch prediction make this faster for match vs. not
match, etc.? I'd be worried about all the ways (and future ways) compilers
might help us and introduce time
On Tue, Nov 10, 2009 at 5:34 AM, Vladimir 'phcoder' Serbinenko
phco...@gmail.com wrote:
But now it has a technical problem: it may read post array definitions.
If any of post-array memory is MMIO or absent reading from it may have
peculiar consequences
Also, because s1 and s2 have two
A security problem [1] was found in our password-checking routines,
which affects GRUB 1.97. I'll be releasing 1.97.1 tomorrow.
Additionally, I cherry-picked fixes for a few problems that should
have made it to the release, like GNU/Hurd support (see NEWS file
for details). The release branch
On Mon, Nov 09, 2009 at 02:04:22AM +0100, Robert Millan wrote:
The release branch is available in:
sftp://bzr.savannah.gnu.org/srv/bzr/grub/branches/release_1_97/
Or via http if you don't have a Savannah account:
http://bzr.savannah.gnu.org/r/grub/branches/release_1_97/
--
Robert
None of the .sh scripts ( autogen.sh and the scripts it uses ) are
executable; I needed to chmod 744 *.sh before I could run
./autogen.sh successfully. After doing that make failed with an error
in auth.c. This was with revision 1780. I've attached the output from
./configure and make.
On Sun,
37 matches