|
Date: Mon, 10 Sep 2012 18:43:53 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: Cracking Office 2013 files with JtR On 2012-09-10 18:34, Dhiru Kholia wrote: > - inputBuf = (unsigned char *)malloc(0x14 + 0x04); > + inputBuf = (unsigned char *)malloc(0x14 + 0x04 + 4); > > Some time back, I was thinking of getting rid of these malloc all together. Yeah, they are small enough they could be stack variables. I'm still digging around in the code, I may be posting more patches. It's a good way to get a feel for the code, so I can start writing the OpenCL format :) > static unsigned char *DeriveKey(unsigned char *hashValue) > { > ... > X1 = (unsigned char *)malloc(20); > ... > return X1; > } > > DeriveKey function can be changed so that it writes to a given static > buffer (Office 2010 and 2013 code path do it this way). No possibility > of memory leak then. > > (3) Same applied for "static unsigned char* > GeneratePasswordHashUsingSHA1" function. I guess statics would be problematic for OMP, we need to pass buffer pointers from the caller here too. BTW, I just now committed some assertions (well, just warning output) in case DeriveKey() ends up not returning X1. Could that happen at all? If not, no harm done. If it *can* happen, we will now rather warn than segfault :) I'll also verify all test hashes Rich supplied, or did you do that already? magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.