Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 May 2013 16:10:40 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: Yet more crashes

On 2013-05-03 01:37, Alexander Cherepanov wrote:
> Great, the following formats still crash:
[skip]
> sxc

Kinda fixed.

-- 
Alexander Cherepanov

>From 5e96fbd9e9f311def073d2d44a2fc5ba0ceaaafd Mon Sep 17 00:00:00 2001
From: Alexander Cherepanov <cherepan@...me.ru>
Date: Tue, 14 May 2013 16:05:53 +0400
Subject: [PATCH] Add some band-aid to valid() in sxc format.

---
 src/sxc_fmt_plug.c |   16 +++++++++++++---
 1 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/src/sxc_fmt_plug.c b/src/sxc_fmt_plug.c
index d2572c1..4d51911 100644
--- a/src/sxc_fmt_plug.c
+++ b/src/sxc_fmt_plug.c
@@ -104,6 +104,9 @@ static int valid(char *ciphertext, struct fmt_main *self)
 		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* iterations */
 		goto err;
+	res = atoi(p);
+	if (res <= 0)
+		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* key size */
 		goto err;
 	res = atoi(p);
@@ -113,10 +116,12 @@ static int valid(char *ciphertext, struct fmt_main *self)
 		goto err;
 	if (strlen(p) != BINARY_SIZE * 2)
 		goto err;
+	if (!ishex(p))
+		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* iv length */
 		goto err;
 	res = atoi(p);
-	if (res > 16)
+	if (res <= 0 || res > 16)
 		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* iv */
 		goto err;
@@ -127,7 +132,7 @@ static int valid(char *ciphertext, struct fmt_main *self)
 	if ((p = strtok(NULL, "*")) == NULL)	/* salt length */
 		goto err;
 	res = atoi(p);
-	if (res > 32)
+	if (res <= 0 || res > 32)
 		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* salt */
 		goto err;
@@ -137,10 +142,13 @@ static int valid(char *ciphertext, struct fmt_main *self)
 		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* original length */
 		goto err;
+	res = atoi(p);
+	if (res <= 0 || res > 1024)             /* 1024 because of "unsigned char output[1024];" in crypt_all */
+		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* length */
 		goto err;
 	res = atoi(p);
-	if (res > 1024)
+	if (res <= 0 || res > 1024)
 		goto err;
 	if ((p = strtok(NULL, "*")) == NULL)	/* content */
 		goto err;
@@ -148,6 +156,8 @@ static int valid(char *ciphertext, struct fmt_main *self)
 		goto err;
 	if (!ishex(p))
 		goto err;
+	if (strtok(NULL, "*") != NULL)	        /* the end */
+		goto err;
 
 	MEM_FREE(keeptr);
 	return 1;
-- 
1.7.2.5


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ