Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Apr 2013 04:17:12 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s

On 2013-04-09 19:26, Dhiru Kholia wrote:
> On Tue, Apr 9, 2013 at 2:56 PM, Alexander Cherepanov<cherepan@...me.ru>  wrote:
>> On 2013-04-09 01:36, Dhiru Kholia wrote:
>>> Strange. I fixed the mozilla format earlier today.
>>
>> There are no checks for lengths of fields in mozilla format so that they
>> could easily overflow fixed-sized buffers in KeyCrackData structure. And
>> john crashed at least on this:
>
> I have fixed this problem now in commit 82beaf39.

That's much better, thanks.

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ