Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Sep 2015 11:15:00 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: auditing our use of FMT_* flags

Just did a quick check.

This hash:

"$K4$e35e9294ecef926d,0123", "U*U*U*U*"

binary() returns this e35f9395edef936d00480008

My code can not find the binary string in the original hash, so no work 
is done.  The format binary size is 12. Nowhere in the hash is there a 
24 byte long hex string to start with.



On 9/11/2015 10:48 AM, Solar Designer wrote:
> Jim,
>
> On Fri, Sep 11, 2015 at 08:42:37AM -0500, JimF wrote:
>> There was a split() in the jumbo version where the return of split was
>> strlwr()   At least that was there by the time I got my searching
>> function completed.
> The only strlwr() in AFS_fmt.c is in salt(), both in core and in jumbo,
> including in revisions from a few days ago.
>
> I continue to think there's something wrong in your test that caused it
> not to catch this bug.  It should have.
>
> Alexander
>
> P.S. You might want to avoid top-posting.  We're asking new contributors
> to quote properly, and we shouldn't be sloppy about it ourselves.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ