I read this story and thought, ok, who thought it was a good idea to write their own strcmp? And how do you make that kind of mistake? Well, it turns out you make that kind of mistake by starting with a really convoluted loop in the first place:
Here's the first commit that tried to fix the bug, where you can see the old
corrected to, since it was using ptr2 uninitialized.
The loop looks like it's trying to do something if the user types more characters than the stored password. I still don't see how anyone came up with that mess, and I haven't made the effort to figure out exactly how it behaves for every input. I'm a fan of the ternary operator, but that loop just made my eyes glaze over.
Fortunately Robert Millan rewrote Vladimir Serbinenko's grub_auth_strcmp function the sane way
while adding a delay to defend against password guessing.
So now it's just basically

    return strcmp(input, template);

like it should have been in the first place! Don't write complicated logic when you can use standard string functions, even in a stand-alone program like GRUB where you have to provide your own strcmp.
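To make the point concrete, here is an added example that is not code from the post or from GRUB: a minimal strcmp of the kind a freestanding program has to provide itself, next to a password check that always looks at every byte of the stored template so its running time does not reveal where the first mismatch is. The function names, the constructed test passwords, and the use of the hosted strlen are all assumptions of this example. GRUB's own fix, as the post says, uses a delay instead; the second function is the other precaution a practitioner would want.

```c
/* Added example, not the blog post's or GRUB's code.
   simple_strcmp: the plain loop a freestanding program needs.
   password_matches: a comparison that does not leak the mismatch position. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compare until the first differing byte or the terminator, exactly like
   the C library strcmp. Correct whether the input is shorter, longer, or
   the same length as the template. Returns 0 on an exact match. */
int simple_strcmp(const char *a, const char *b)
{
    const unsigned char *p = (const unsigned char *)a;
    const unsigned char *q = (const unsigned char *)b;

    while (*p && *p == *q) {
        p++;
        q++;
    }
    return (int)*p - (int)*q;
}

/* Password check whose work does not depend on where the strings differ:
   every byte of the template is XORed into an accumulator, and a length
   mismatch is folded in as well. The only data-dependent index is the
   input length, which the caller (the attacker, in the guessing scenario)
   already knows. Returns 1 on match, 0 on mismatch. */
int password_matches(const char *input, const char *template)
{
    size_t tlen = strlen(template);
    size_t ilen = strlen(input);
    unsigned char diff = (unsigned char)(tlen != ilen);
    size_t i;

    for (i = 0; i < tlen; i++) {
        /* Past the end of a short input, keep reading its terminator so we
           never run off the buffer but still visit every template byte. */
        unsigned char c = (unsigned char)input[i < ilen ? i : ilen];
        diff |= (unsigned char)(c ^ (unsigned char)template[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample passwords, not real credentials. */
    const char *stored = "hunter2";
    const char *tries[] = { "hunter2", "hunter", "hunter22", "" };
    size_t n;

    for (n = 0; n < sizeof tries / sizeof tries[0]; n++) {
        printf("\"%s\": strcmp=%d constant-time match=%d\n",
               tries[n],
               simple_strcmp(tries[n], stored),
               password_matches(tries[n], stored));
    }
    return 0;
}
```

The first function is all the post asks for: a readable loop that handles the too-long and too-short cases by construction rather than by special-casing them. The second shows why a password check deserves one extra thought beyond plain strcmp, since strcmp stops at the first differing byte.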