Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Nov 2011 19:02:15 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: LM & NT prepare() segfaults

Done.  Pretty trivial patch.  Should have bullet proofed both the pot load,
and all current prepare() functions which reference any element other than
[1].

It is 'assumed' that [1] would always have valid data in it. We could put
checks in there, but I did not.  In all reality, the setting of [0] and
[2]..[9] to point to "" should have been enough.

Jim.

>From: jfoug [mailto:jfoug@....net]
>
>>I'd appreciate it if you look into this and upload a patch - having all
>>prepare()'s check for NULL before using fields beyond the 2nd and/or
>>having the loader set those to "" when parsing the pot.
>
>Will do.  Likely both.  But I do not want to depend upon check for null
>in
>existing formats, only to have a new format come along that does not
>check.
>I would rather put in the checks in the formats which do check, and then
>make sure that pot loader sends non-null values across for those fields.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ