Date: Thu, 04 Aug 2011 15:14:01 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: issues with 1.7.8-jumbo-5

On 2011-08-04 14:17, Solar Designer wrote:
> magnum -
>
> On Thu, Aug 04, 2011 at 01:28:55PM +0200, magnum wrote:
>> On 2011-08-04 13:13, magnum wrote:
>>> The bug is in --pipe
>>
>> And here it is: An assumption that average line length is at most 16:
>>
>> 	max_pipe_words = (db->options->max_wordfile_memory/16);
>
> Thank you for figuring this out!

I was wrong though. Jim does the right thing but somewhere in this code 
block there must be some kind of fence-post error.

} else {
	pipe_input = 1;
	max_pipe_words = (db->options->max_wordfile_memory/16) - 1;

	word_file_str = mem_alloc(db->options->max_wordfile_memory + 1);
	words = mem_alloc( max_pipe_words * sizeof(char*));
	rules_keep = rules;

GRAB_NEXT_PIPE_LOAD:;
	{
		char *cpi, *cpe;

		log_event("- Reading next block of candidate passwords from stdin pipe");

		// the second (and subsequent) times through, we do NOT call init functions.
		if (nWordFileLines)
			init_this_time = 0;

		rules = rules_keep;
		nWordFileLines = 0;
		cpi = word_file_str;
		cpe = (cpi + db->options->max_wordfile_memory) - LINE_BUFFER_SIZE;
		while (nWordFileLines < max_pipe_words) {
			if (!fgetl(cpi, LINE_BUFFER_SIZE, word_file)) {
				pipe_input = 0; /* We are now done.  After processing, do NOT goto the GRAB_NEXT... again */
				break;
			}
			if (strncmp(cpi, "#!comment", 9)) {
				words[nWordFileLines++] = cpi;
				cpi += (strlen(cpi)+1);
				if (cpi > cpe)
					break;
			}
		}
		sprintf(msg_buf, "- Read block of %d candidate passwords from pipe", nWordFileLines);
		log_event("%s", msg_buf);
	}
}
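
One way to test a block loader like the one quoted above for off-by-one errors (an added example, not part of the message or of John the Ripper's source): replay the same bookkeeping on constructed input and check, before every read, that a full line buffer still fits in the allocation. The names `next_line` and `replay` and the `LINE_BUF` value are assumptions; `next_line` is a stand-in for `fgetl`.

```c
#include <stdlib.h>
#include <string.h>

#define LINE_BUF 32 /* stand-in for LINE_BUFFER_SIZE; this value is an assumption */

/* Stand-in for fgetl(): copy one line (at most size-1 chars), drop the rest. */
static int next_line(char *dst, size_t size, const char **src)
{
	size_t n = 0;
	if (!**src) return 0;                   /* end of input */
	for (; **src && **src != '\n'; (*src)++)
		if (n + 1 < size) dst[n++] = **src;
	if (**src == '\n') (*src)++;
	dst[n] = '\0';
	return 1;
}

/* Replay the block loader over `input` with `mem` bytes of word memory.
 * Returns the words stored, or -1 if a read could pass the end of the
 * buffer; *blocks counts the non-empty blocks. */
long replay(const char *input, size_t mem, int *blocks)
{
	if (mem < LINE_BUF) return -1;          /* limit would underflow; keeps max_words >= 1 */
	size_t max_words = mem / 16 - 1;        /* same sizing as the quoted code */
	char *buf = malloc(mem + 1);
	char **words = malloc(max_words * sizeof(char *));
	long total = 0;
	int more = 1;
	*blocks = 0;
	if (!buf || !words) { free(buf); free(words); return -1; }
	while (more && total >= 0) {
		size_t n = 0, off = 0, limit = mem - LINE_BUF; /* off plays cpi, limit plays cpe */
		while (n < max_words) {             /* bound 1: pointer-array index */
			if (off + LINE_BUF > mem + 1) { total = -1; break; } /* bound 2: bytes */
			if (!next_line(buf + off, LINE_BUF, &input)) { more = 0; break; }
			if (strncmp(buf + off, "#!comment", 9)) {
				words[n++] = buf + off;
				off += strlen(buf + off) + 1;
				if (off > limit) break;
			}
		}
		if (total >= 0 && n) { total += (long)n; (*blocks)++; }
	}
	free(buf); free(words);
	return total;
}
```

Short lines end a block on the word-count limit, lines near `LINE_BUF` end it on the byte limit, so a test input should exercise both.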
