Re: Imminent bugfix release (1.97.1)

[Vladimir 'phcoder' Serbinenko]

Duboucher Thomas wrote:
> Bean a écrit :
> > Hi,
>
> > My previous function ensures that execution time is the same
> > regardless of the input. Although it's not necessary, I guess it's a
> > nice feature to have. BTW, the simpler function does leak one
> > information, the size of buffer as the execution time would increase
> > until the buffer size is reached.
>
>
>     Hi,
>
>     Yes, constant time of execution _is_ a constraint of this function.
> However, I don't think that giving access to the size of the buffer is a
> leak per se, the source code of Grub being available for everyone; We
> only need not to leak more informations than already available.
>
Yes. No security analysis can assume attacker doesn't have the source code
>     Thomas.

_______________________________________________
Grub-devel mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/grub-devel



-- 
Regards
Vladimir 'phcoder' Serbinenko

signature.asc
Description: OpenPGP digital signature