Intel AMT bug was strncmp (h/t @reillyeon).
I’d like to take this time to remind everyone how great of a language C is for secure coding.
Not to knock your project, but it has essentially 0 market share. Dependencies in C are terrible.
-
-
This conversation started with particular password comparison failure. If such tmp done naively with `==` - it is as secure as strcmp.
-
The problem is that C encourages use of strncmp because you get strings off the wire that aren’t 0-terminated.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.