On Tue, 11 Jan 2022 at 06:04, Stan Sieler via cctalk <cctalk@classiccmp.org> wrote:
>
> Hi,
>
> I'm trying to remember the name (and some information about) a past
> security bug, for an article.
>
> Somewhere between 4 and 6 years ago (I think), there was a fairly major
> security bug reported (probably in Linux, or in SSH code, but
> something widely used).
>
> IIRC, the bug was a single line that called a function (possibly along the
> lines of CredentialsCheck), and may have involved a bit-wise or (or and)
> instead of a logical one.
>
> It may have been that either the routine wasn't getting called when it
> should, or that the programmer misinterpreted what the return value meant.
>
> Ring any bells?

Just on the off chance the bell might be named "Apple" (it's a goto fail rather than a bit-wise issue)

https://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/

David