Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 May 2012 20:00:59 +0200
From: magnum <>
Subject: Re: get_source() (was: memory usage within JtR and possible
 ways to significantly reduce it.)


I saw problems with the new code today. When trying to resume a session
or --show=left, it segfaulted at line 493 in loader.c due to
current_pw->source being a NULL pointer (which is expected) sent to
strcmp (which is problematic).

The enclosed patch "fixed" the problem but I am really not sure if this
is correct. Does this hack just omit a dupe check that should be
performed? If so, I guess the real fix would be to actually call our new
get_source() function.


diff --git a/src/loader.c b/src/loader.c
index f35bdc1..03c6cf9 100644
--- a/src/loader.c
+++ b/src/loader.c
@@ -488,6 +488,8 @@ static void ldr_load_pw_line(struct db_main *db, char *line)
 			int collisions = 0;
 			if ((current_pw = db->password_hash[pw_hash]))
 			do {
+				if (!current_pw->source)
+					continue;
 				if (!memcmp(current_pw->binary, binary,
 				    format->params.binary_size) &&
 				    !strcmp(current_pw->source, piece)) {

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ