Code review request: 8016594: Native Windows ccache still reads DES tickets
Xuelei Fan
xuelei.fan at oracle.com
Wed Aug 7 13:09:13 UTC 2013
On 8/7/2013 7:53 PM, Dmitry Samersoff wrote:
> Xuelei,
>
> 1. strncmp calls strlen at first, so explicit call to strlen is not
> necessary.
>
I was wondering to make the comparing when the length of serverName is
bigger than strlen("krbtgt"). For example, "krbtgt_extra". Mine
suggested code is incorrect, as the output name of krb5_unparse_name may
be "krbtgt_extra/h.o.s.t at realm", but not "krbtgt_extra".
It's a little problem, but we might want to make the comparing more
precisely.
> 2. strlen("krbtgt") == sizeof("krbtgt")-1
> as sizeof count terminating 0.
>
You are right.
Xuelei
> -Dmitry
>
>
> On 2013-08-07 15:31, Xuelei Fan wrote:
>> On 8/7/2013 6:58 PM, Weijun Wang wrote:
>>>
>>>
>>> On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
>>>> Weijun,
>>>>
>>>> nativeccache.c:
>>>>
>>>> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
>>>> bit of computer power?
>>>
>>> Sure.
>>
>> strncmp() is normally work with strlen() while comparing two strings, in
>> case the length of the two string are not equal.
>>
>> - 322 if (strncmp (serverName, "krbtgt", strlen("krbtgt")) == 0 &&
>> + 322 if (strlen(serverName) == sizeof("krbtgt") &&
>> + strncmp (serverName, "krbtgt", sizeof("krbtgt")) == 0 &&
>>
>> BTW, as it is a local function, would you like to add a "static" keyword
>> to isIn() function?
>>
>> Xuelei
>>
>
>
More information about the security-dev
mailing list