Date: Wed, 8 Jun 2011 06:35:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: 1.7.7-jumbo-6

Jim, Dhiru -

On Tue, Jun 07, 2011 at 09:26:45PM -0500, JFoug wrote:
> >I am also considering these for inclusion:
> >
> >john-1.7.6-hmailserver-02.diff.gz
> >john-1.7.7-jumbo-1-SybaseASE-01.diff.gz
> >
> >likely with a compile-time setting to disable them on old OpenSSL.
> 
> A couple of things.
> 
> 1. ditch the strnlen() and switch it to a strlen.

Already done.

> This function is not on 
> Mac, on MinGW, on Solaris, and I am pretty sure we will find other environs 
> it is not on.  The strnlen is only in valid, and it is easy to see what it 
> is supposed to do, and make it work properly with strlen instead.

Actually, I couldn't see what it was supposed to do.  The very use of
strnlen() in that place looked like a bug to me.  So I simply replaced
it with strlen(), and the self-tests still work.  Maybe I am not aware
of something obscure specific to those formats.

> 2. I hope there is a way to 'test' for oldssl.  I can compile it on 
> sparc-32, but I had linkage problems.  It built and linked fine on 
> sparc-64, but that is because I am using a 'local' ssl build that is 
> 1.0.1.0d or some version like that.

Yes, I tested OpenSSL 0.9.7m and 1.0.0d.  Of course, these two formats
are disabled with 0.9.7m, but this test revealed an issue in rar_fmt.c,
which I patched in -RC3.

Thanks,

Alexander
