cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] NTLM: use a fake entropy for debug builds

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 17 Mar 2014 22:32:47 +0100 (CET)

Hi,

I was reminded about the fixed string entropy we use in in the NTLM code for
debug builds. I want debug-builds to still work if used against real world
machines and this fixed string is then a security issue.

I'm suggesting an approach like attached, that allows the test suite to set
the random string to use for testing purposes but it will make curl work
basically as usual outside of the test suite if used for real.

Objections?

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

TEXT/x-diff attachment: 0001-NTLM-use-a-fake-entropy-for-debug-builds-with-CURL_E.patch

Received on 2014-03-17

This message: [ Message body ]
Next message: Nick Zitzmann: "Re: localhost problem on Mac?"
Previous message: Daniel Stenberg: "localhost problem on Mac?"
Next in thread: Kamil Dudka: "Re: [PATCH] NTLM: use a fake entropy for debug builds"
Reply: Kamil Dudka: "Re: [PATCH] NTLM: use a fake entropy for debug builds"
Reply: Steve Holme: "RE: [PATCH] NTLM: use a fake entropy for debug builds"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]