Intel AMT bug was strncmp (h/t @reillyeon).
I’d like to take this time to remind everyone how great of a language C is for secure coding.
-
-
And strncmp is a footgun. It looks like it compares a slice (in Rust terms) to a string. But it actually only checks for a shared prefix.
-
And strncpy was invented for Unix directory entry (`struct direct`) ancient 14-char filenames, NUL-padded but not necessariliy terminated!
- 4 more replies
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.