Comment 3 for bug 228712

Philipp Kaluza (pixelpapst) wrote :

notes to self and others reviewing this patch (sasl package guru ?):
 * the strncmp's around line 62 in the patch might as well use pass_format_str instead of p
 * the hardcoded 11 there bothers me
 * strcasecmp ?
 * this part in _sasl_get_salt is partially redundant:
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
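Review bot: in the blowfish branch, the `src[1] == '2'` half of the ternary condition is already guaranteed by the enclosing `else if (src[1] == '2')`, so the assignment can be reduced to `num = (src[2] == 'a') ? 17 : 16;`. A short comment stating what 17 and 16 measure would also help, since both literals are unexplained in these lines.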
 * _sasl_get_salt returns 1 regardless of whether or not dest (&salt) was written to, and the return value is never checked
   this is probably not exploitable, but non-nice
 * I don't grok exactly how auxprop_values[...] is structured, but the patch seems to do sensible things with it :)

other than the above, seems fine to me.