Date: Tue, 31 May 2011 01:27:41 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: John 1.7.7-jumbo-5

On 2011-05-27 17:05, jfoug wrote:
> I believe that the code as released (jumbo-5-RC7) has all changes in it,
> and this version should be built and tested as hopefully THE release to
> become a public Jumbo-5 release.

A couple of new bugs were found/fixed as the test suite evolved. I just 
uploaded john-1.7.7-jumbo-5-RC7-bugfixes.diff.gz to the wiki, containing 
the following fixes:

* Truncation fixes for NT and mscash (UTF-8 only). This fixes a problem 
where some kinds of very long plaintexts could trash another candidate 
in the key buffer.

* A similar (also UTF-8 only) bug in both mssql and mssql05 set_key() 
that could write past the buffer.

* One fix from the NT and mscash patch also propagated to the shared 
unicode function: We need to fail/truncate at all malformed UTF-8, but 
we didn't when encountering characters higher than U+FFFF. Related to 
this, Jim showed that the maximum UTF-8 octets for one UCS-2 character 
is 3, not 4 and this is now changed in saved_plain buffers in a couple 
of formats (helping memory footprint).

* Raw-md5-unicode max length bumped to 27 characters (it was 53 octets 
for some odd reason, failing the "standard" test suite length of 27 chars).

* #ifdef fixes for a couple of formats (though that "bug" would only 
surface if someone wanted to experiment with turning off an optimisation 
for hmac_md5 that I made optional)

I know of no more outstanding issues.

magnum
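
The kind of bounded UTF-8 to UCS-2 conversion the fixes above call for, as an added example that is not part of the original message and is not John the Ripper's code: it stops at any malformed sequence or any character above U+FFFF, and it checks for room before every write so an overlong plaintext cannot spill into a neighbouring key slot. The function name `utf8_to_ucs2`, its parameters and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: convert NUL-terminated UTF-8 to UCS-2.
 * dst must hold dst_max code units plus one terminator.
 * Returns the number of code units written; *truncated is set to 1 when
 * input was cut short (dst full, malformed UTF-8, or above U+FFFF). */
size_t utf8_to_ucs2(uint16_t *dst, size_t dst_max,
                    const unsigned char *src, int *truncated)
{
    size_t n = 0;
    *truncated = 0;
    while (*src) {
        uint32_t cp, c = *src;
        if (n >= dst_max) goto cut;          /* check room before writing */
        if (c < 0x80) {                      /* 1 octet: ASCII */
            cp = c; src += 1;
        } else if ((c & 0xE0) == 0xC0) {     /* 2 octets: U+0080..U+07FF */
            if ((src[1] & 0xC0) != 0x80) goto cut;
            cp = ((c & 0x1F) << 6) | (src[1] & 0x3F);
            if (cp < 0x80) goto cut;         /* overlong encoding */
            src += 2;
        } else if ((c & 0xF0) == 0xE0) {     /* 3 octets: U+0800..U+FFFF */
            if ((src[1] & 0xC0) != 0x80 || (src[2] & 0xC0) != 0x80) goto cut;
            cp = ((c & 0x0F) << 12) | ((src[1] & 0x3F) << 6) | (src[2] & 0x3F);
            if (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF)) goto cut;
            src += 3;
        } else {
            goto cut;  /* 4-octet lead (above U+FFFF), stray continuation, invalid */
        }
        dst[n++] = (uint16_t)cp;
    }
    dst[n] = 0;
    return n;
cut:
    *truncated = 1;
    dst[n] = 0;                              /* n <= dst_max, so this is in bounds */
    return n;
}

int main(void)
{
    uint16_t key[4 + 1];  /* constructed sample: 4 code units + terminator */
    int cut;
    size_t n = utf8_to_ucs2(key, 4,
        (const unsigned char *)"p\xC3\xA4ss\xF0\x9F\x98\x80", &cut);
    printf("%zu units, truncated=%d\n", n, cut);
    return 0;
}
```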
