Date: Mon, 1 Oct 2012 07:29:45 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using Coverity

On 1 Oct, 2012, at 2:15, Alexander Cherepanov <cherepan@...me.ru> wrote:

> On 2012-09-19 03:22, magnum wrote:
>> Also, all (or nearly all) the mentioned formats use input files produced with *2john tools. The risk of bad input is low.
> 
> Unfortunately most *2john tools either happily pass bad input through
> them or crash themselves or both. Examples are in my previous mail.
> 
> It doesn't mean that everything has to be fixed in one day but thinking
> that 2john tools somehow guard john is just wrong. Some of these tools
> are a problem on their own.

Sure, they should be fixed. The context was "not one day before a release". A bug in valid() often crashes other formats than just the offending one.

magnum
