Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Apr 2013 11:36:49 +0530
From: Dhiru Kholia <>
Subject: Re: Yet more crashes

On 04/28/13 at 08:31pm, Lukas Odzioba wrote:
> 2013/4/28 Alexander Cherepanov <>:
> > Most crashes posted earlier are fixed now (cool!) so I made my "fuzzer" a
> > bit more aggressive and found some more crashes. Posting new and remaining
> > old problems combined.
> Alexander provided an example where count=-1 and that causes john to crash.
> I tried to put negative values in other fields - it caused an assert
> and stops the program, or john was doing something - I am not sure
> about effect of that - both cases not sounds good.
> I guess none of fields can contain a negative values, but I need help
> about other limits set on them (equal 0, min,max values).
> algorithm - do we use it at all?


> datalen - minimum bound?

Should not matter.

> data - every character should be in atoi16[]
> spec - this needs to be validated with hash_algorithm
> usage - {0,255,254} - magic numbers
> hash_algorithm - this needs to be validated with spec
> cipher_algorithm - {CIPHER_CAST5, CIPHER_BLOWFISH, CIPHER_AES128,
> ivlen - minimum bound

Yes, all these checks are required.

> iv - every character should be in atoi16[]
> count - min,max bounds
> salt - every character should be in atoi16[]

These are required.


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ