Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Apr 2013 20:56:40 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s

On Tue, Apr 9, 2013 at 2:56 PM, Alexander Cherepanov <cherepan@...me.ru> wrote:
> On 2013-04-09 01:36, Dhiru Kholia wrote:
>> Strange. I fixed the mozilla format earlier today.
>
> There are no checks for lengths of fields in mozilla format so that they
> could easily overflow fixed-sized buffers in KeyCrackData structure. And
> john crashed at least on this:

I have fixed this problem now in commit 82beaf39.

(I should fix other formats which have similar problem).

> > Another problem is that salt_struct->keyCrackData.oidLen (instead of
> salt_struct->keyCrackData.encDataLen) is used as a length for
> salt_struct->keyCrackData.encData in get_salt.

Good catch! Fixed :-)

-- 
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ