On Mon, Nov 9, 2009 at 9:04 AM, Robert Millan <r...@aybabtu.com> wrote: > > A security problem [1] was found in our password-checking routines, > which affects GRUB 1.97. I'll be releasing 1.97.1 tomorrow. > > Additionally, I cherry-picked fixes for a few problems that should > have made it to the release, like GNU/Hurd support (see NEWS file > for details). The release branch is available in: > > sftp://bzr.savannah.gnu.org/srv/bzr/grub/branches/release_1_97/ > > If you have time, please test this tree, specially password support, > to help find possible problems.
Hi, Actually, the function of grub_auth_strcmp puzzles me, why would it need to wait 100 ms to return the result ? grub_auth_strcmp is used in many place, so the authorized could take some time to complete. And there is a hidden issue in it, grub_auth_strcmp can accept NULL pointer as input, but grub_strcmp doesn't check for NULL pointer. -- Bean My repository: https://launchpad.net/burg Document: https://help.ubuntu.com/community/Burg _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
