Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 May 2012 16:14:10 +0200
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: wpapsk.h warnings

2012/5/2 Solar Designer <solar@...nwall.com>:
> Lukas, magnum -
>
> On Tue, May 01, 2012 at 11:57:05PM +0200, magnum wrote:
>> I get these warnings when building. The first one looks like an actual
>> bug to me, or maybe I misunderstand the code:
>>
>> In file included from opencl_wpapsk_fmt.c:15:0:
>> wpapsk.h: In function ???decode_hccap???:
>> wpapsk.h:102:9: warning: array subscript is above array bounds
>> [-Warray-bounds]
>>
>> The array is char[6] but you write all the way to 118 * 3, no?
>
> I looked into this yesterday.  The out-of-bounds writes look intentional
> (I think they're still within the struct, although I did not verify
> that), but there's assumption that they're permitted and that the struct
> is packed.  We can only ensure the latter with specific compilers (such
> as with gcc's __attribute__((packed)), which we'll need to specify),
> although in practice I am not aware of cases of compilers inserting
> padding between fields of type char.
>
> I think it'd be best to rewrite this, maybe by using a union - one
> sufficiently large array union'ed with a struct - although that still
> depends on the struct being packed.
>
> Alexander

Code may look weird but it was intentional. I didn't want to
parse/copy each parameter separately. I added in hccap2john and in
_fmt files asserts(sizeof(hccap)==HCCAP_SIZE);
I am not absolutely sure but this in my opinion catch out of struct
error if it may occur.

If necessary I could rewrite this method in "proper" way.

Lukas

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ