Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Sep 2012 10:58:01 +0400
From: Alexander Cherepanov <>
Subject: Re: Static analysis of John using Coverity

On 2012-09-19 01:15, Alexander Cherepanov wrote:
> On 2012-09-17 01:23, Alexander Cherepanov wrote:
>> And I suspect that every format with trivial valid() -- there are
>> ~40-50 of them --  have buffer overflows in get_salt and/or similar
>> functions. You don't need a code analyzer to find them.
> To have something for a start here are crashers for 36 formats:
> They crash fresh magnum-john built linux-x86-64i. Didn't take time to
                                    ^ for          ^ I
> really trigger buffer overflows in all these cases. And I didn't look at
> cuda and opencl formats at all.

If forgot to include several cases. john crashes on this:


john overflows dynamic buffer, supposedly overwrites test vectors and
then fails self-test on this:


john crashes while reading file consisting of two lines:


john --format=dynamic_21 crashes on this:


(it doesn't crash without --format).

Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ