I have quality concerns over the feature implementation, namely, the
implementation plays fairly loose with the parsing of the argument and
should be strict:

- The module doesn't reject if more arguments are given, which will
cause issues if we add more arguments in later versions: It will
silently reject the specified iteration count, even.

- The module uses atoi() to parse the first argument. This does not do
any error checking. Please use strtol() instead such that passing weird
stuff like 1337garbage is not accepted.

Please make appropriate changes in resolute and prepare updated SRUs,
and include test cases for bogus arguments and too many arguments.

I'm going to reject the SRUs in the meantime.

-- 
https://bugs.launchpad.net/bugs/2125685

Title:
  pbkdf2 needs configurable hashing rounds for FIPS 140-3

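The strict argument handling requested in the message above, as an added example that is not part of the original message and not the module's own code. The function name `parse_iterations`, the bounds `ITER_MIN`/`ITER_MAX`, and the default of 10000 are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bounds; the message does not state the module's real limits. */
#define ITER_MIN 1L
#define ITER_MAX 10000000L

/* Strictly parse module arguments (argv[0] = iteration count).
 * Returns 0 on success, -1 on malformed input. With no arguments the
 * caller's default in *out is kept. *out is written only on success. */
int parse_iterations(int argc, char **argv, long *out)
{
    char *end = NULL;
    long val;

    if (argc == 0)
        return 0;              /* nothing configured: keep default */
    if (argc > 1)
        return -1;             /* unknown extra arguments: refuse */

    /* strtol() skips leading whitespace and accepts a sign; require a digit. */
    if (!isdigit((unsigned char)argv[0][0]))
        return -1;

    errno = 0;
    val = strtol(argv[0], &end, 10);
    if (errno == ERANGE || *end != '\0')   /* overflow or trailing junk */
        return -1;
    if (val < ITER_MIN || val > ITER_MAX)
        return -1;

    *out = val;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, passed one at a time. */
    char *samples[] = { "60000", "1337garbage", "", " 42", "-5", "0",
                        "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long n = 10000;        /* assumed default */
        int rc = parse_iterations(1, &samples[i], &n);
        printf("%-22s -> rc=%d iterations=%ld\n", samples[i], rc, n);
    }
    return 0;
}
```

With `atoi()` the input `1337garbage` would yield 1337 and an out-of-range value has undefined behaviour; here both are rejected and the default is left untouched.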