notes to self and others reviewing this patch (sasl package guru ?): * the strncmp's around line 62 in the patch might as well use pass_format_str instead of p * the hardcoded 11 there bothers me * strcasecmp ? * this part in _sasl_get_salt is partially redundant: + /* blowfish crypt */ + else if (src[1] == '2') + num = (src[1] == '2' && src[2] == 'a') ? 17 : 16; * _sasl_get_salt returns 1 regardless whether or not dest (&salt) was written to, and the return value is never checked this is probably not exploitable, but non-nice * I don't grok exactly how auxprop_values[...] is structured, but the patch seems to do sensible things with it :)
other than the above, seems fine to me. -- Feature request: add patch to enable crypted passwords https://bugs.launchpad.net/bugs/228712 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs