[OTR-dev] sourceforge / parse.c in toolkit.c

Ian Goldberg ian at cypherpunks.ca
Sat Jul 20 18:49:28 EDT 2013


On Sat, Jul 20, 2013 at 06:33:49PM -0400, Bjorn Kuiper wrote:
> Hi,
> 
> Not sure if you want me to use sourceforge or this mailing list.
> 
> I will try this mailing list first, because I know it is actively monitored.
> 
> While working on my project I noticed the following code in parse.c
> part of the toolkit folder.
> 
> ----
>     if (memcmp(bufp, "\x00\x01\x03", 3) && memcmp(bufp,
> "\x00\x03\x03", 3) &&
> 	memcmp(bufp, "\x00\x02\x03", 3)) goto inv;
> ----
> 
> I don't think this code is doing anything at the moment because the
> "&&" (AND) signs would need to be replaced with the "||" (OR) to
> work properly.
> 
> Greetings Bjorn

Hmm?  memcmp returns 0 on match, and non-0 on mismatch (in fact, it's
more specific than this, but that's not important for this snippet).

So memcmp(bufp, "foo", 3) says "bufp is *not* "foo"".

The above snippet is "if bufp is not "\x00\x01\x03", AND it's not
"\x00\x03\x03", AND it's not "\x00\x02\x03", then it's invalid".

Why is that wrong?

   - Ian (admittedly under the weather at the moment, and so may be
          having backwards-brain :-p )



More information about the OTR-dev mailing list