Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Jan 2013 14:35:26 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Office format bug

On 01/26/2013 01:54 PM, magnum wrote:
> According to Valgrind, the office format seem to read data from all over
> the place.
>
> Benchmarking: Office 2007/2010 (SHA-1) / 2013 (SHA-512), with AES [32/64
> OpenSSL]... ==22939== Use of uninitialised value of size 8
> ==22939==    at 0x510B254: _x86_64_AES_decrypt_compact (aes-x86_64.s:577)
> ==22939==    by 0x510B571: AES_decrypt (aes-x86_64.s:828)
> ==22939==    by 0x7FEFFD60F: ???
> ==22939==    by 0x7FEFFD6AF: ???
> ==22939==    by 0x7FEFFD74F: ???
> ==22939==    by 0x7FEFFD487: ???
> ==22939==    by 0x1B806F31BFF453C9: ???
> ==22939==    by 0xD342D7A2989D9B7F: ???
> ==22939==    by 0x9A9C13A0008FA466: ???
> ==22939==    by 0x73F06698C26CEE8: ???
> ==22939==    by 0x491480AF3479AF71: ???
> ==22939==    by 0x5CD4A62CAB0D44C6: ???
> ==22939==  Uninitialised value was created by a heap allocation
> ==22939==    at 0x4C2B3F8: malloc (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==22939==    by 0x546ABC: mem_alloc (memory.c:54)
> ==22939==    by 0x546BBA: mem_alloc_tiny (memory.c:86)
> ==22939==    by 0x546C95: mem_calloc_tiny (memory.c:100)
> ==22939==    by 0x4E0574: init (mysql_netauth_fmt_plug.c:62)
> ==22939==    by 0x53DDAA: fmt_init (formats.c:36)
> ==22939==    by 0x536658: benchmark_all (bench.c:418)
> ==22939==    by 0x542E62: john_run (john.c:685)
> ==22939==    by 0x543601: main (john.c:956)
> ==22939==
> ...
>
> According to this, it reads an "uninitialized value" from mysql-netauth
> format's buffer space... not that I get how a calloc'ed buffer can be
> uninitialized. The above is from --test=0 under linux 64-bit, built with
> OMP but using only one thread.

I get it now. mem_alloc_tiny() will malloc() a larger buffer and give 
out portions from that. So this was not actually memory from mysql-na 
but it happened to be allocated when that format used mem_alloc_tiny(). 
We probably don't have a problem at all. I will verify this but you can 
relax for now.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.