Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Jul 2016 16:53:07 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: rules.c bug/feature

magnum -

On Fri, Jul 08, 2016 at 04:19:20PM +0300, Solar Designer wrote:
> On Fri, Jul 08, 2016 at 02:24:58PM +0200, magnum wrote:
> > On 2016-07-06 18:27, Solar Designer wrote:
> > >		in[RULE_WORD_SIZE - 1] = 0;
> > >
> > >Is this somehow broken?  We should identify the issue and fix it if so.
> > 
> > Sounds good, but then it must be broken somehow. The memcpy in 'd' did 
> > blow the buffer and overwrote rules_data.classes and I verified this 
> > happens in John proper too. I'm not sure why but I'll let you handle it.
> 
> You're right.  I didn't bother reproducing it, but I think I know what
> the problem is: when I introduced the "length" variable some years ago,
> I forgot to update the loop logic to clamp not only the buffer but also
> this integer variable to the maximum length.  I think the attached patch
> should fix it.  I'll test and commit it.

Committed.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ