Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 9 Dec 2015 00:47:47 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: double free in ssh2john

On 2015-12-08 22:54, Hanno Böck wrote:
> There is a double free error in ssh2john if you run it against a file
> that contains two ssl certificate blocks.
>
> Just take a random certificate, add it twice to a file:
> cat test.crt test.crt > out.crt
>
> and run
> ssh2john out.crt
>
> Seems there is a loop that is freeing all openssl objects at the end of
> the loop and then reusing the same objects and freeing them for every
> iteration of the loop.

Thank you for reporting, I'll open an issue for it.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ