Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Jan 2013 08:35:04 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: dmg2john

On Tue, Jan 29, 2013 at 2:39 AM, Solar Designer <solar@...nwall.com> wrote:
> dmg2john is in bad shape now.  Here are some issues:
>
> 1. It's not being built by default.  "make dmg2john" builds it, but this
> should be made the default.
>
> 2. It's not integrated into "john", to be similar with other *2john
> tools.  It becomes a separate binary executable.  Perhaps we need to
> integrate it, since it has no dependencies on extra libs.

These two issues have been fixed already. I sent a pull request before
I went to bed yesterday.

> 3. The return values from lseek() are not checked.  They must be!
>
> 4. The return values from read() are either not checked or are checked
> incorrectly.  "<= 0" is not it.  read() may also return with partial
> data.  We need to use a read_loop() function (see popa3d), or at the
> very least detect the partial reads and refuse to work if so.
> Alternatively, we may switch to using "FILE *" and the f*() functions.
>
> 5. As also spotted by Milen:
>
> <@...3way> @jmgosney @jeremiahg @DhiruKholia @solardiz Hm I think I found the problem....cno = ceil(header2.datasize / 4096.0) - 2; cno is int
>
> We must not do any floating-point math.  When header2.datasize is large,
> there may be precision loss here, and the resulting value may be other
> than what we expect.  We should express this without resorting to
> floating-point intermediate values:
>
>         cno = (header2.datasize + 4095) / 4096 - 2;
>
> Milen - is this what you meant, too?

I am looking into these issues.

-- 
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ