Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jun 2015 11:44:48 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: more robustness

Hi Frank,

Thanks for your valuable advice.

> 1.
>
> I think you should mention the --fuzz[=DICTFILE] option in the
> --list=hidden-options output, if only to make the option known to
> john's bash completion. I would add it after the --stress-test[=TIME]
> option.

Do you mean that I should add a line in
options.c::opt_print_hidden_usage() ?

Such as:

void opt_print_hidden_usage(void)
{
        puts("--help print usage summary, just like running the command");
        ...
        puts("--stress-test[=TIME]      loop self tests forever");
        puts("--fuzz[= DICTFILE]        fuzz formats prepare(), valid() and
split()");
        ...
}

> 2.
>
> I did:
>
> (fuzz_option)src $ ./configure --disable-openmp --enable-asan
>
> (fuzz_option)src $ make -s -j 16
>
> (fuzz_option)src $ cd ../run
> (fuzz_option)run $ ./john --fuzz --format=MSCHAPv2
> Fuzzing: MSCHAPv2, C/R [MD4 DES (ESS MD5) 128/128 AVX 4x3]
> in UTF-8 mode...
> ==19657==ERROR: AddressSanitizer: global-buffer-overflow on address

Fixed by:

https://github.com/loverszhaokai/JohnTheRipper/commit/478a03ad9105fbe7e6bfcb0f51cd3874d93d9e4c

> 3.
>
> (fuzz_option)run $ ./john --list=build-info
> Version: 1.8.0.6-jumbo-1-bleeding_asan
> Build: linux-gnu 64-bit AVX-autoconf
> Time stamp: Sun Jun 28 14:02:04 2015
>
> You could rebase your git repository on magnum's latest bleeding-jumbo.
> It might have some bugs fixed, and it reports much more useful version
> info than that "time stamp" (actually, the time listconf.c changed):

Just rebased.

https://github.com/loverszhaokai/JohnTheRipper/commits/fuzz_option


Thanks,

Kai

[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ