Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Aug 2012 14:44:56 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: loader.c pwdump bug in CVS core

Solar,

Attached patch is committed to bleeding-jumbo now but the bug is
actually in core CVS. The first hex digit of the LM hash was omitted
(over-written by the field separator), leaving a 31-digit hash.

I just now realize that in Jumbo we should also replace that static ':'
with options.field_sep_char. But as it stands, this patch will apply
as-is to core.

magnum

commit 7dfe81d7be63e4cf4cba42a565314b19743d70b4
Author: magnum <john.magnum@...hmail.com>
Date:   Thu Aug 23 11:04:44 2012 +0200

    loader.c: Bugfix for pwdump files when uid is re-inserted in source.
    NOTE: This bugfix applies to core 1.7.9.6 too!

diff --git a/src/loader.c b/src/loader.c
index 883003a..ecfba4f 100644
--- a/src/loader.c
+++ b/src/loader.c
@@ -296,7 +296,7 @@ static int ldr_split_line(char **login, char **ciphertext,
 		/* Re-introduce the previously removed uid field */
 		if (source) {
 			int shift = strlen(uid);
-			memmove(source + shift, source, strlen(source) + 1);
+			memmove(source + shift + 1, source, strlen(source) + 1);
 			memcpy(source, uid, shift);
 			source[shift] = ':';
 		}

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ