Date: Fri, 17 Aug 2012 15:22:16 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
CC: Pavel Semjanov <pavel@...janov.com>
Subject: Re: RAR early reject

On 2012-08-17 14:31, Pavel Semjanov wrote:
> On 17.08.2012 8:04, magnum wrote:
>> Milen,
>>
>> Thanks to JimF's pkzip code and some crucial hints from Pavel Semjanov,
>> I finally nailed the early reject we wanted! Have a look at this:
> 
> You're welcome. However, I don't quite understand this code fragment:
> 
> if (plain[0] & 0x80) {
>     // PPM checks here.
>     if (!(plain[2] & 0x20) || // Reset bit must be set
>         (plain[2] & 0xc0) ||  // MaxOrder must be < 64
>         (plain[3] & 0x80))    // MaxMB must be < 128
>         goto bailOut;
> 
> Reset bit is placed in plain[0], isn't it? Why are you using plain[2]?

I believe it is plain[2]. From unrarppm.c from libclamav:

	Reset = (max_order & 0x20) ? 1 : 0;

and from model.cpp from official unrar:

	bool Reset=(MaxOrder & 0x20)!=0;

Also, this is now tested with well over 100,000 files with no false
reject. BTW, among all those test files (-m1 to -m5) I have yet to see a
valid stream use PPM in the first block. I start to think we can reject
all PPM. Do you know something to the contrary?

magnum
