Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Mar 2012 10:18:32 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: [JtR patch] Fast cracker for Mozilla Firefox, Thunderbird
 and SeaMonkey master passwords.

On 03/26/2012 10:14 AM, Dhiru Kholia wrote:
> On Mon, Mar 26, 2012 at 12:20 PM, magnum <john.magnum@...hmail.com> wrote:
>> On 03/26/2012 05:01 AM, Dhiru Kholia wrote:
>> The KeyCrackData struct has char globalSalt[17] but you read 24 bytes
>> into it in line 122 of KeyDBCracker.c
> 
> heh, All this code is from FireMasterLinux project. I will fix this
> after work today. Thanks for noticing it. However, why is fseek
> resulting in a segfault? It is quite puzzling. File handle and offset
> are both valid.

Because that buffer overrun of globalSalt overwrites the fd! So you are
calling fseek with a trashed file descriptor.

I suppose it should be globalSalt[25] now. I see from the comments it
has grown over time (with newer versions of Mozilla) from 16 but they
forgot to bump the size in the struct.

Problem is gone once this is fixed.

magnum


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ