[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 21 Jul 2012 17:57:12 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: WPA-PSK valid()
Lukas - oh, I see that you added validation of the base-64 encoding and
total length in valid(), but there's still no validation of eapol_size.
This must be added. Since I am tired of "tracking" this little issue,
can you please take care of this (and re-test) within 3 days? Thanks!
On Mon, Jul 09, 2012 at 10:57:51AM +0400, Solar Designer wrote:
> Lukas - can you implement the valid() enhancements proposed below, then
> re-test, please? Thanks.
>
> On Fri, Jun 29, 2012 at 12:24:47AM +0400, Solar Designer wrote:
> > Lukas -
> >
> > On Fri, Jun 29, 2012 at 12:12:08AM +0400, Solar Designer wrote:
> > > The attached patch makes the WPA-PSK format (CPU) work on big-endian
> >
> > BTW, perhaps eapol_size and keyver should be validated in valid() and in
> > hccap2john.c.
> >
> > Do these come from an external tool? Or even directly from network
> > traffic? In the latter case, we might even have a remote arbitrary code
> > execution vulnerability here. %-)
> >
> > Also, is it specified (where?) that these are in little-endian form, or
> > does this vary between builds of whatever tool creates the file?
> >
> > Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
