Date: Mon, 10 Dec 2012 03:11:55 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: fixing the valid() methods

On 10 Dec, 2012, at 1:27 , Solar Designer <solar@...nwall.com> wrote:
> On Wed, Sep 19, 2012 at 01:15:37AM +0400, Alexander Cherepanov wrote:
>> On 2012-09-17 01:23, Alexander Cherepanov wrote:
>>> And I suspect that every format with trivial valid() -- there are
>>> ~40-50 of them --  have buffer overflows in get_salt and/or similar
>>> functions. You don't need a code analyzer to find them.
>> 
>> To have something for a start here are crashers for 36 formats:
> ...

Here's a curious patch you can apply (do not commit) for breaking many formats' valid(). It just drops the last character of the ciphertext and calls valid() until there's nothing left. Problems will unfortunately be indicated by a segfault :-)

The first test that dies from this in a full test run is KRB4.

magnum


[ CONTENT OF TYPE application/octet-stream SKIPPED ]
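
The truncation test described in the message above, as an added stand-alone example; it is not the attached patch (which the archive did not keep) and not John the Ripper code. The `$toy$` format, the simplified `valid()` signature and all function names are hypothetical, and the sample ciphertext is constructed. Instead of waiting for a segfault, the harness counts how many truncated forms a validator accepts:

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical format, constructed for this example: $toy$<8 hex>$<32 hex> */
#define TAG "$toy$"
#define TAG_LEN 5u
#define SEP_AT 13u  /* index of the '$' between salt and hash */
#define FULL_LEN 46u
static const char SAMPLE[] = "$toy$0123abcd$00112233445566778899aabbccddeeff";
/* Trivial valid(): checks only the tag, so truncated input still passes. */
static int trivial_valid(const char *ct)
{
    return strncmp(ct, TAG, TAG_LEN) == 0;
}

/* Strict valid(): pins the total length before indexing any offset. */
static int strict_valid(const char *ct)
{
    if (strlen(ct) != FULL_LEN || strncmp(ct, TAG, TAG_LEN) != 0)
        return 0;
    for (size_t i = TAG_LEN; i < FULL_LEN; i++)
        if (i == SEP_AT ? ct[i] != '$' : !isxdigit((unsigned char)ct[i]))
            return 0;
    return 1;
}

/* Drop the last character and call valid() until nothing is left; 0 accepted is the goal. */
static int accepted_truncations(int (*valid)(const char *), const char *ct)
{
    size_t len = strlen(ct);
    int accepted = 0;
    char *buf = malloc(len + 1); /* exact-size heap copy: overreads show under ASan */
    if (!buf)
        return -1;
    memcpy(buf, ct, len + 1);
    while (len > 0) {
        buf[--len] = '\0';
        accepted += valid(buf) != 0;
    }
    free(buf);
    return accepted;
}

int main(void)
{
    printf("trivial: %d, strict: %d\n", accepted_truncations(trivial_valid, SAMPLE),
           accepted_truncations(strict_valid, SAMPLE));
    return 0;
}
```

Every truncated form that a validator accepts is input that a later fixed-offset parser (such as a get_salt-style function) would read without the bytes it expects being present.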
