On Fri, Nov 21, 2003, Alan DeKok wrote: >Bill Campbell <[EMAIL PROTECTED]> wrote: >> On a related security note, the src/lib/radius.c program has several >> references to msg_auth_vector and calc_auth_vector starting around line >> 1108 with several memcpy and memcmp operations, some of which refer use >> sizeof(calc_auth_vector) for the length, others with AUTH_VECTOR_LEN. >> Given that msg_auth_vector is an array of uint8_t size AUTH_VECTOR_LEN, I >> doubt these lengths would be same. > > Huh? Why? > > For uint8_t arrays, The 'sizeof' the array is the number of elements.
OK. While that may be the case for uint8_t, it seems to me that good coding practice is to use sizeof here and not depend on knowledge of the internal size of the elements. I may be a bit paranoid about this, because I've been know to shoot myself in the feet as a result of structure padding and such. Bill -- INTERNET: [EMAIL PROTECTED] Bill Campbell; Celestial Software LLC UUCP: camco!bill PO Box 820; 6641 E. Mercer Way FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676 URL: http://www.celestial.com/ ``The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.'' -- H. L. Mencken - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
