Date: Tue, 09 Apr 2013 13:26:40 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s

On 2013-04-09 01:36, Dhiru Kholia wrote:
> Strange. I fixed the mozilla format earlier today.

There are no checks for lengths of fields in the mozilla format, so they 
could easily overflow fixed-sized buffers in the KeyCrackData structure. And 
john crashed at least on this:

$mozilla$*3*1*1*00*1*00*255*000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*1*00

Another problem is that salt_struct->keyCrackData.oidLen (instead of 
salt_struct->keyCrackData.encDataLen) is used as a length for 
salt_struct->keyCrackData.encData in get_salt.

-- 
Alexander Cherepanov
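
One way to write the per-field length check the message above says is missing, as an added example that is not part of the original post and not John the Ripper's code: each `<len>*<hex>` pair is accepted only if the declared length fits the destination buffer and matches the amount of hex data present. The field layout, the buffer sizes in `demo_caps` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sizes (bytes) of the fixed buffers the two fields would fill. */
static const size_t demo_caps[] = { 20, 2 };

/* Check one "<len>*<hex>" pair at *p: len is decimal, 1..cap, and is followed
 * by exactly 2*len hex digits. On success *p is advanced past the hex data. */
static int check_len_hex(const char **p, size_t cap)
{
    char *end;
    unsigned long len;
    size_t n;

    if (**p < '0' || **p > '9')       /* strtoul would accept a sign or spaces */
        return 0;
    len = strtoul(*p, &end, 10);      /* overflow gives ULONG_MAX, rejected below */
    if (*end != '*' || len == 0 || len > cap)
        return 0;
    end++;
    n = strspn(end, "0123456789abcdefABCDEF");
    if (n != 2 * len)                 /* declared length must match the data */
        return 0;
    *p = end + n;
    return 1;
}

/* Validate nfields '*'-separated pairs; caps[i] is the capacity of the buffer
 * that field i is later decoded into. Hypothetical layout, not the real one. */
int valid_fields(const char *s, const size_t *caps, size_t nfields)
{
    size_t i;

    for (i = 0; i < nfields; i++) {
        if (i && *s++ != '*')         /* separator between pairs */
            return 0;
        if (!check_len_hex(&s, caps[i]))
            return 0;
    }
    return *s == '\0';                /* no trailing fields or junk */
}

int main(void)
{
    printf("%d\n", valid_fields("1*00*2*0a0b", demo_caps, 2));   /* fits */
    printf("%d\n", valid_fields("1*00*3*000000", demo_caps, 2)); /* field 2 too long */
    return 0;
}
```

Decoding should then use each field's own validated length when copying into its buffer, which also avoids the mismatch between `oidLen` and `encDataLen` noted in the message.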
