Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Dec 2015 22:54:38 +0100
From: Hanno Böck <>
Subject: double free in ssh2john


There is a double free error in ssh2john if you run it against a file
that contains two ssl certificate blocks.

Just take a random certificate, add it twice to a file:
cat test.crt test.crt > out.crt

and run
ssh2john out.crt

Seems there is a loop that is freeing all openssl objects at the end of
the loop and then reusing the same objects and freeing them for every
iteration of the loop.

Hanno Böck


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ