oss-sec mailing list archives

Re: CVE request: crypt_blowfish 8-bit character mishandling

From: Djalal Harouni <tixxdz () opendz org>
Date: Fri, 24 Jun 2011 14:05:17 +0100

On Mon, Jun 20, 2011 at 09:01:11AM +0400, Solar Designer wrote:

Oh, also some builds of crypt_blowfish (and of affected systems/apps)
for PowerPC are probably unaffected, because char is typically unsigned
there (unless overridden in compiler flags for compatibility with more
typical systems).

Just to add that on some (perhaps all) ARM plateforms char is by
default: "unsigned" (unless you compile with -fsigned-char as you have
noted).

This is an old link that expose some problems when you just use 'char var'
on ARM (perhaps not only on ARM):
http://www.arm.linux.org.uk/docs/faqs/signedchar.php

-- 
tixxdz
http://opendz.org

Current thread:

Re: CVE request: crypt_blowfish 8-bit character mishandling, (continued)
- - - Re: CVE request: crypt_blowfish 8-bit character mishandling Michael Matz (Jun 28)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 29)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 27)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
  - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Solar Designer (Jun 21)
    - Re: CVE request: crypt_blowfish 8-bit character mishandling Vincent Danen (Jun 21)
- Re: CVE request: crypt_blowfish 8-bit character mishandling Djalal Harouni (Jun 24)