notes to self and others reviewing this patch (sasl package guru ?):
* the strncmp's around line 62 in the patch might as well use pass_format_str instead of p
* the hardcoded 11 there bothers me
* strcasecmp ?
* this part in _sasl_get_salt is partially redundant:
+ /* blowfish crypt */
+ else if (src[1] == '2')
+ num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
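Review bot: the `src[1] == '2'` test inside the ternary on the `num =` line is already guaranteed by the enclosing `else if (src[1] == '2')`, so the assignment can be reduced to `num = (src[2] == 'a') ? 17 : 16;`. The literals 17 and 16 are also unexplained here; a short comment or named constants saying what these lengths cover would make the salt handling easier to check.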
* _sasl_get_salt returns 1 regardless of whether or not dest (&salt) was written to, and the return value is never checked
this is probably not exploitable, but non-nice
* I don't grok exactly how auxprop_values[...] is structured, but the patch seems to do sensible things with it :)
other than the above, seems fine to me.