Date: Thu, 20 Aug 2015 12:13:18 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: --test-full=0 crashes the Bitcoin format

On Thu, Aug 20, 2015 at 12:11 PM, Kai Zhao <loverszhao@...il.com> wrote:
> On Thu, Aug 20, 2015 at 3:54 AM, magnum <john.magnum@...hmail.com> wrote:
>> On 2015-08-06 18:38, Solar Designer wrote:
>>>
>>> Kai, magnum -
>>>
>>> Flag bugs aside, this feature as committed to magnum's jumbo triggers
>>> memory corruption:
>>>
>>> [solar@...er run]$ ./john --test-full=0
>>> [...]
>>> Testing: asa-md5, Cisco ASA [Cisco ASA (MD5 salted) 128/128 AVX 4x3]...
>>> PASS
>>> Testing: bfegg, Eggdrop [Blowfish 32/64]... (32xOMP) PASS
>>> Testing: Bitcoin [SHA512 AES 128/128 AVX 2x]... (32xOMP) *** glibc
>>> detected *** ./john: double free or corruption (!prev): 0x000000000224a770
>>> ***
>>
>>
>> I replaced the EVP stuff in bitcoin with our own aes.h stuff in 0e2beec and
>> have yet to trigger the bug since. Perhaps Kai can test it some more.
>>
>> If we do get some variant of the problem again (I doubt it), it'll likely be
>> easier to debug and/or detected by ASan.
>>
>> I'll open an issue for finding more uses of EVP and/or BIO that we can get
>> rid of. High-level stuff and abstraction layers are often Bad Ideas[tm] in
>> high-performance code anyway.
>>
>
> I have run "./john --test-full=0 --format=bitcoin" about 500 times and
> it did crash.
> I think this bug is fixed. Thanks.
>

Sorry. "it did crash" -> "it did not crash"

I have run "./john --test-full=0 --format=bitcoin" about 500 times and
it did not crash. I think this bug is fixed.


Thanks,

Kai
