Date: Wed, 20 Feb 2013 22:38:11 +0200
From: Milen Rangelov <gat3way@...il.com>
To: john-dev@...ts.openwall.com
Subject: Minor problem in ODF format

Hello,

While working on my odf plugin and using the jtr format as a reference, I
noticed a minor problem that could cause false negatives with some
documents.

Problem is here:

    BF_set_key(&bf_key, cur_salt->key_size, key);
    BF_cfb64_encrypt(cur_salt->content, output, 1024, &bf_key, ivec,
                     &bf_ivec_pos, 0);
    SHA1_Init(&ctx);
    SHA1_Update(&ctx, output, 1024);
    SHA1_Final((unsigned char*)crypt_out[index], &ctx);


With certain documents (very small in size, e.g. just 1-2 short
paragraphs) it is possible that the size of content.xml is less than
1024 bytes and in that case there is no need to decrypt 1024 bytes and
hash the result because the actual size is less than that (decryption
is OK, but hashing would definitely produce a wrong result).

This can cause more problems earlier in the parsing code though
because we're reading out of bounds:

    p = strtok(NULL, "*");
    for (i = 0; i < 1024; i++)
        cs.content[i] = atoi16[ARCH_INDEX(p[i * 2])] * 16
                      + atoi16[ARCH_INDEX(p[i * 2 + 1])];


This is a minor problem, yet quite easy to fix.


Regards,
Milen
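
Added example, not part of the original message or of the John the Ripper source: one way to decode the hex-encoded content field so that the loop stops at the end of the field and returns how many bytes were actually present, which is the length the message says should be decrypted and hashed instead of a fixed 1024. The names hex_val, decode_content and decoded_len_for are hypothetical, and the sample field is constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CONTENT 1024 /* cap used by the code quoted in the message */

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode the hex field into out[MAX_CONTENT]. Returns the number of bytes
 * decoded (at most MAX_CONTENT), or -1 for an empty, odd-length or non-hex
 * field. Never reads past the field's terminating NUL. */
static int decode_content(const char *field, unsigned char *out)
{
    size_t hexlen, n, i;
    if (field == NULL) return -1;
    hexlen = strlen(field);
    if (hexlen == 0 || hexlen % 2 != 0) return -1;
    n = hexlen / 2;
    if (n > MAX_CONTENT) n = MAX_CONTENT; /* keep only the first 1024 bytes */
    for (i = 0; i < n; i++) {
        int hi = hex_val((unsigned char)field[2 * i]);
        int lo = hex_val((unsigned char)field[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)(hi * 16 + lo);
    }
    return (int)n;
}

/* Constructed sample: a field of nbytes encoded bytes ("41" repeated). */
static int decoded_len_for(size_t nbytes)
{
    static char field[2 * 2048 + 1];
    unsigned char out[MAX_CONTENT];
    if (nbytes > 2048) return -1;
    memset(field, 0, sizeof field);
    for (size_t i = 0; i < nbytes; i++) memcpy(field + 2 * i, "41", 2);
    return decode_content(field, out);
}

int main(void)
{
    printf("%d %d\n", decoded_len_for(300), decoded_len_for(1500));
    return 0;
}
```

The returned length would be stored with the salt and passed to the decrypt and SHA1_Update calls in place of the constant 1024.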
