Code review request: 8016594: Native Windows ccache still reads DES tickets

Xuelei Fan xuelei.fan at oracle.com
Wed Aug 7 13:09:13 UTC 2013


On 8/7/2013 7:53 PM, Dmitry Samersoff wrote:
> Xuelei,
> 
> 1. strncmp calls strlen at first, so an explicit call to strlen is not
> necessary.
> 
I was wondering about making the comparison when the length of serverName
is bigger than strlen("krbtgt").  For example, "krbtgt_extra".  My
suggested code is incorrect, as the output name of krb5_unparse_name may
be "krbtgt_extra/h.o.s.t@realm", but not "krbtgt_extra".

It's a small problem, but we might want to make the comparison more
precise.

> 2. strlen("krbtgt") == sizeof("krbtgt")-1
> as sizeof counts the terminating 0.
> 
You are right.

Xuelei

> -Dmitry
> 
> 
> On 2013-08-07 15:31, Xuelei Fan wrote:
>> On 8/7/2013 6:58 PM, Weijun Wang wrote:
>>>
>>>
>>> On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
>>>> Weijun,
>>>>
>>>> nativeccache.c:
>>>>
>>>> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
>>>> bit of computer power?
>>>
>>> Sure.
>>
>> strncmp() normally works with strlen() when comparing two strings, in
>> case the lengths of the two strings are not equal.
>>
>> - 322  if (strncmp (serverName, "krbtgt", strlen("krbtgt")) == 0 &&
>> + 322  if (strlen(serverName) == sizeof("krbtgt") &&
>> +        strncmp (serverName, "krbtgt", sizeof("krbtgt")) == 0 &&
>>
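Review bot: on the two "+" lines, sizeof("krbtgt") is 7 because it counts the terminating NUL, so strlen(serverName) == sizeof("krbtgt") cannot be true for a serverName that is exactly "krbtgt" (length 6), and the strncmp over sizeof("krbtgt") bytes also compares the terminator. Use sizeof("krbtgt") - 1 in both places, or keep the prefix compare over sizeof("krbtgt") - 1 bytes and test the character that follows it if names such as "krbtgt_extra" need to be rejected.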
>> BTW, as it is a local function, would you like to add a "static" keyword
>> to isIn() function?
>>
>> Xuelei
>>
> 
> 
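The comparison discussed in this thread, as an added example that is not part of the original messages or of nativeccache.c: it runs the line-322 prefix check, the suggested length-equality check, and a first-component check side by side. The helper names and the sample principal names are constructed for illustration, and the names are assumed to be in the "component/host@realm" form mentioned above.

```c
#include <stdio.h>
#include <string.h>

#define TGS_NAME "krbtgt"
#define TGS_LEN  (sizeof(TGS_NAME) - 1)  /* 6: sizeof counts the terminating NUL */

/* Prefix-only check, as on the original line 322. */
static int prefix_only(const char *name)
{
    return strncmp(name, TGS_NAME, strlen(TGS_NAME)) == 0;
}

/* Whole-string length equality, as in the suggested replacement. */
static int length_equal(const char *name)
{
    return strlen(name) == sizeof(TGS_NAME) &&
           strncmp(name, TGS_NAME, sizeof(TGS_NAME)) == 0;
}

/* Hypothetical helper: the first component must be exactly "krbtgt",
 * so the prefix has to be followed by '/', '@' or the end of the string. */
static int first_component_is_krbtgt(const char *name)
{
    if (name == NULL || strncmp(name, TGS_NAME, TGS_LEN) != 0)
        return 0;
    char next = name[TGS_LEN];
    return next == '/' || next == '@' || next == '\0';
}

int main(void)
{
    /* Constructed sample names, not taken from a real credential cache. */
    static const char *samples[] = {
        "krbtgt/EXAMPLE.COM@EXAMPLE.COM",
        "krbtgt_extra/h.o.s.t@EXAMPLE.COM",
        "krbtgt",
        "host/www.example.com@EXAMPLE.COM",
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-34s prefix=%d length_equal=%d component=%d\n", samples[i],
               prefix_only(samples[i]), length_equal(samples[i]),
               first_component_is_krbtgt(samples[i]));
    return 0;
}
```

The length-equality variant returns 0 for every input: a string of length 7 has a non-NUL byte at index 6, where "krbtgt" has its terminator.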



