Date: Wed, 24 Apr 2013 14:56:19 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: testing all valid()s

This should fix all of the dynamic issues listed (and others not listed).

#2 dynamic_1001
#3 all

Fixed:

VC port of snprintf now in misc.h and snprintf will 'map' to sprintf_s. The
VC _snprintf function does not null terminate an overflow, but sprintf_s
does, and has same signature.

The count part of the salt is now validated in valid, for phpass.

All non salted formats now fail validation if there is anything other than
the hash number.

static buffer overflow, and improper re-use, fixed in prepare().

Overlong strings not processed in prepare and split.

$B$ signature checked for now in mediawiki, Convert.

I will get a patch together for bleeding shortly.  Same bugs fixed, but
patch will be different.

Jim.

From: Alexander Cherepanov Sent: Tuesday, April 23, 2013 20:00
>On 2013-04-23 18:55, Alexander Cherepanov wrote:
>> I will gather it all together and post it a bit later.
>
>Here it is. Only unstable is checked, bleeding is for later.

[ CONTENT OF TYPE application/octet-stream SKIPPED ]
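
As an added illustration of the kind of checks listed in the message above (count character validated, overlong input and trailing data rejected), here is a valid()-style check for a portable phpass string. It is not code from John the Ripper or from the attached patch; the name `phpass_valid`, the `$P$`/`$H$` layout of 34 characters and the cost bounds 7..30 (taken from the phpass reference implementation) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* phpass base-64 alphabet; a character's index is its 6-bit value. */
static const char ITOA64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

#define PHPASS_LEN 34   /* 3 (tag) + 1 (count) + 8 (salt) + 22 (hash) */
#define MIN_LOG2    7   /* assumed cost bounds, as in reference phpass */
#define MAX_LOG2   30

/* Return the 6-bit value of c, or -1 if c is not in the alphabet. */
static int itoa64_index(char c)
{
    const char *p = c ? strchr(ITOA64, c) : NULL;
    return p ? (int)(p - ITOA64) : -1;
}

/* Hypothetical valid()-style check: 1 = well-formed, 0 = reject. */
int phpass_valid(const char *ct)
{
    size_t i, len;
    int cost;

    if (!ct)
        return 0;
    /* Bounded scan: an overlong line is rejected without being walked. */
    for (len = 0; len <= PHPASS_LEN && ct[len]; len++)
        ;
    if (len != PHPASS_LEN)          /* short, overlong or trailing data */
        return 0;
    if (strncmp(ct, "$P$", 3) != 0 && strncmp(ct, "$H$", 3) != 0)
        return 0;
    /* The count character must decode to a supported log2 cost. */
    cost = itoa64_index(ct[3]);
    if (cost < MIN_LOG2 || cost > MAX_LOG2)
        return 0;
    /* Salt and hash may contain only alphabet characters. */
    for (i = 4; i < len; i++)
        if (itoa64_index(ct[i]) < 0)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample, not a real hash. */
    const char *s = "$P$B12345678abcdefghijklmnopqrstuv";
    printf("%s -> %d\n", s, phpass_valid(s));
    return phpass_valid(s) ? 0 : 1;
}
```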
