OT: looking for help remembering name/info about security bug

Stan Sieler sieler at allegro.com
Tue Jan 11 00:04:33 CST 2022


Hi,

I'm trying to remember the name (and some information about) a past
security bug, for an article.

Somewhere between 4 and 6 years ago (I think), there was a fairly major
security bug reported (probably in Linux, or in SSH code, but
something widely used).

IIRC, the bug was a single line that called a function (possibly along the
lines of CredentialsCheck), and may have involved a bit-wise or (or and)
instead of a logical one.

It may have been that either the routine wasn't getting called when it
should, or that the programmer misinterpreted what the return value meant.

Ring any bells?

thanks!

Stan


More information about the cctalk mailing list