Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Jun 2015 23:03:17 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

On 06/28/2015 06:31 PM, Frank Dittrich wrote:
> (fuzz_option)run $ ./john --format=PBKDF2-HMAC-SHA1 --fuzz
> Fuzzing: PBKDF2-HMAC-SHA1 [PBKDF2-SHA1 128/128 AVX 4x]...
> =================================================================
> ==26467==ERROR: AddressSanitizer: stack-buffer-overflow on address
> 0x7ffd6af53f3a at pc 0x00000044f633 bp 0x7ffd6af53bc0 sp 0x7ffd6af53bb0
> WRITE of size 1 at 0x7ffd6af53f3a thread T0
>     #0 0x44f632 in raw_to_hex /home/fd/git/fuzz-JtR/src/base64_convert.c:241
>     #1 0x453afd in mime_to_hex
> /home/fd/git/fuzz-JtR/src/base64_convert.c:686
>     #2 0x45611b in base64_convert
> /home/fd/git/fuzz-JtR/src/base64_convert.c:921
>     #3 0x60f77d in prepare
> /home/fd/git/fuzz-JtR/src/pbkdf2-hmac-sha1_fmt_plug.c:151
>     #4 0x6bd370 in fuzz_test /home/fd/git/fuzz-JtR/src/formats.c:1153
>     #5 0x6a4d2e in fuzz /home/fd/git/fuzz-JtR/src/bench.c:829
>     #6 0x6c995d in john_run /home/fd/git/fuzz-JtR/src/john.c:1367
>     #7 0x6cae5c in main /home/fd/git/fuzz-JtR/src/john.c:1753
>     #8 0x7f83fc8b078f in __libc_start_main (/lib64/libc.so.6+0x2078f)
>     #9 0x406878 in _start (/home/fd/git/fuzz-JtR/run/john+0x406878)

I think I managed to create a test case which triggers the same bug for
a bleeding-jumbo build, see
https://github.com/magnumripper/JohnTheRipper/issues/1478

But that was more or less pure luck.

Frank

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ