Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Sep 2012 22:04:05 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Cracking Office 2013 files with JtR

On Mon, Sep 10, 2012 at 8:51 PM, magnum <john.magnum@...hmail.com> wrote:
> Prepearing for the OpenCL version, I started looking into this format
> and found a fatal memory leak in Office 2007 as well as some obvious
> optimizations in all versions. They did not affect performance much (not
> in inner loop) but there were alloc/free's and memcpy/memmove's which I
> try to squat when possible - and it did not affect readability much.

Thanks for fixing the leak in Office 2007 code path. I should have
tested it more.

(1)

-  inputBuf = (unsigned char *)malloc(0x14 + 0x04);
+ inputBuf = (unsigned char *)malloc(0x14 + 0x04 + 4);

Some time back, I was thinking of getting rid of these malloc all together.

(2)

static unsigned char *DeriveKey(unsigned char *hashValue)
{
        ...
        X1 = (unsigned char *)malloc(20);
        ...
        return X1;
}

DeriveKey function can be changed so that it writes to a given static
buffer (Office 2010 and 2013 code path do it this way). No possibility
of memory leak then.

(3) Same applied for "static unsigned char*
GeneratePasswordHashUsingSHA1" function.

(4) GenerateAgileEncryptionKey and GenerateAgileEncryptionKey512
functions are slightly better but we can avoid malloc calls within
them.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ