Date: Sat, 18 Apr 2015 21:03:39 -0400
From: Mathieu Laprise <mathlaprise@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Improving Johnny

>
> here is a line in Johnny:
>
>   temp << QString("%1:%2::%3\n").arg(user).arg(hash).arg(hash);
>
> Do you see any problems with it? If there is a problem then
> - provide an example of input to trigger the problem.
> - How would you fix it?
> - Does the fix work with your example?
> - Push the fix into a separate branch in your public repo please.
>

I really don't see how this question would tell you how experienced I am as
a software engineer so I probably didn't understand it well. Ah ah :( So
here is just my hypothesis after thinking about it for 2 minutes.
If we were using unsafe functions like gets in C, a buffer and reading from
a file, it'd be important to verify that the size of user input isn't bigger
than our buffer, but luckily QString and QTextStream seem to be safe against
buffer overflow.
So the problem is that if the user has a %1 in their username, Johnny won't
write the correct info to the file and the user will say "This software
doesn't work!" and we're gonna lose a happy user!
Correction:
temp << user << ":" << hash << "::" << hash << '\n';
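
The hypothesis in the reply above, as an added example that is not part of the original message or of Johnny's code: a simplified standard-C++ model (an assumption, no Qt required) of how each chained QString::arg call replaces the lowest-numbered place marker still present in the string, compared with the streamed form. The names `markerAt`, `arg`, `chained` and `streamed`, and the sample user and hash values, are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Returns the number (1..99) of a place marker starting at fmt[i] and sets
// len to its length; returns 0 if there is no marker at that position.
static int markerAt(const std::string& fmt, size_t i, size_t& len) {
    if (fmt[i] != '%' || i + 1 >= fmt.size() ||
        !std::isdigit((unsigned char)fmt[i + 1]))
        return 0;
    int n = fmt[i + 1] - '0';
    len = 2;
    if (i + 2 < fmt.size() && std::isdigit((unsigned char)fmt[i + 2])) {
        n = n * 10 + (fmt[i + 2] - '0');
        len = 3;
    }
    return n;
}

// Simplified model (assumption) of one QString::arg(const QString&) call:
// replace every occurrence of the lowest-numbered marker with `a`.
// Locale ("%L1") and field-width forms are left out.
std::string arg(const std::string& fmt, const std::string& a) {
    int lowest = 100;
    size_t len = 0;
    for (size_t i = 0; i < fmt.size(); ++i) {
        int n = markerAt(fmt, i, len);
        if (n > 0 && n < lowest) lowest = n;
    }
    std::string out;
    for (size_t i = 0; i < fmt.size();) {
        int n = markerAt(fmt, i, len);
        if (n > 0 && n == lowest) { out += a; i += len; }
        else out += fmt[i++];
    }
    return out;
}

// Chained form, as in the quoted line: each call re-scans the previous result,
// so markers inside already-inserted data are treated as part of the format.
std::string chained(const std::string& user, const std::string& hash) {
    return arg(arg(arg("%1:%2::%3\n", user), hash), hash);
}

// Streamed form, as in the reply: values are written out, never re-scanned.
std::string streamed(const std::string& user, const std::string& hash) {
    return user + ":" + hash + "::" + hash + "\n";
}

int main() {  // constructed sample input
    std::cout << chained("al%1ce", "HASH") << streamed("al%1ce", "HASH");
}
```
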
