On Tue, 11 Jan 2022 at 06:04, Stan Sieler via cctalk
<cctalk at classiccmp.org> wrote:
Hi,
I'm trying to remember the name (and some information about) a past
security bug, for an article.
Somewhere between 4 and 6 years ago (I think), there was a fairly major
security bug reported (probably in Linux, or in SSH code, but
something widely used).
IIRC, the bug was a single line that called a function (possibly along the
lines of CredentialsCheck), and may have involved a bit-wise or (or and)
instead of a logical one.
It may have been that either the routine wasn't getting called when it
should, or that the programmer misinterpreted what the return value meant.
Ring any bells?
Just on the off chance the bell might be named "Apple" (it's a goto
fail rather than a bit-wise issue)
https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-s…
David