On Wed, Nov 23, 2011 at 07:12:49PM +0000, Ralf Baechle wrote: > On Wed, Nov 23, 2011 at 09:22:16AM +0100, walter harms wrote: > > > I am not sure that it does what you intends. > > mnemonic is an array and a malicious use may fill it upto the last char > > causing strlen go beyond. perhaps this may help: > > Correct, it makes thigs worse. I'm going to reply in detail later tonight, > have to bail out now. > Ok. I said in a different thread that I was going to redo these using strnlen() but I'll wait to read your comments. regards, dan carpenter
Attachment:
signature.asc
Description: Digital signature