Date: Mon, 28 Nov 2011 16:58:18 -0600 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: 1.7.9-jumbo Submitted Patch 0012 for 1.7.9-jumbo. The changes in MD5, to do the dynamic allocation, required (at least on my builds), that the allocated buffer is properly set to NULL bytes. There is a strlen() call within sse-intrinsics.c (in the md5crypt), which if that buffer is not allocated properly, returned at 52k length of password, opps. Patch 0012 simply memsets the allocated buffer, within md5_fmt's init call. Jim.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ