Date: Fri, 8 Jul 2016 19:14:19 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: rules.c bug/feature

On 2016-07-08 15:53, Solar Designer wrote:
> On Fri, Jul 08, 2016 at 04:19:20PM +0300, Solar Designer wrote:
>> On Fri, Jul 08, 2016 at 02:24:58PM +0200, magnum wrote:
>>> On 2016-07-06 18:27, Solar Designer wrote:
>>>> 		in[RULE_WORD_SIZE - 1] = 0;
>>>>
>>>> Is this somehow broken?  We should identify the issue and fix it if so.
>>>
>>> Sounds good, but then it must be broken somehow. The memcpy in 'd' did
>>> blow the buffer and overwrote rules_data.classes and I verified this
>>> happens in John proper too. I'm not sure why but I'll let you handle it.
>>
>> You're right.  I didn't bother reproducing it, but I think I know what
>> the problem is: when I introduced the "length" variable some years ago,
>> I forgot to update the loop logic to clamp not only the buffer but also
>> this integer variable to the maximum length.  I think the attached patch
>> should fix it.  I'll test and commit it.
>
> Committed.

Merged to Jumbo now.

Thanks!
magnum
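The bug discussed in this thread is a length-tracking mismatch: the word buffer itself is truncated and terminated (in[RULE_WORD_SIZE - 1] = 0), but the separate integer "length" keeps the pre-truncation value, so a later memcpy that trusts "length" (the 'd' command) writes past the buffer into whatever follows it. The following C program is an added illustration of that pattern and of the fix (clamp the integer together with the buffer); it is not code from John the Ripper's rules.c, and WORD_SIZE, struct word, load_unclamped, load_clamped and duplicate_word are hypothetical stand-ins chosen here.

```c
/* Added illustration, not rules.c from John the Ripper.
 * WORD_SIZE stands in for RULE_WORD_SIZE; the word struct, its "length"
 * field and the functions below are hypothetical. */
#include <stdio.h>
#include <string.h>

#define WORD_SIZE 16            /* buffer holds at most WORD_SIZE-1 chars + NUL */

struct word {
    char in[WORD_SIZE];
    int length;                 /* tracked content length of in[] */
};

/* The buggy pattern: the bytes are clamped and terminated, but the integer
 * length is left at strlen(src), so length can exceed WORD_SIZE-1. */
static void load_unclamped(struct word *w, const char *src)
{
    int n = (int)strlen(src);
    strncpy(w->in, src, WORD_SIZE - 1);     /* pads with NULs if src is short */
    w->in[WORD_SIZE - 1] = 0;               /* buffer is clamped ... */
    w->length = n;                          /* ... but length is not (BUG) */
}

/* The fixed pattern: clamp the integer first, then copy exactly that much. */
static void load_clamped(struct word *w, const char *src)
{
    int n = (int)strlen(src);
    if (n > WORD_SIZE - 1)
        n = WORD_SIZE - 1;
    memcpy(w->in, src, (size_t)n);
    w->in[n] = 0;
    w->length = n;
}

/* Invariant every length-driven memcpy depends on: length describes in[]. */
static int length_consistent(const struct word *w)
{
    return w->length == (int)strlen(w->in);
}

/* A 'd'-style command: append a copy of the word to itself.
 * Refuses (-1) if length is out of range, and truncates the copy to the
 * room actually left in the buffer, updating length to match. */
static int duplicate_word(struct word *w)
{
    int room, n;

    if (w->length < 0 || w->length > WORD_SIZE - 1)
        return -1;                          /* length does not fit in[] at all */
    room = WORD_SIZE - 1 - w->length;
    n = w->length < room ? w->length : room;
    memcpy(w->in + w->length, w->in, (size_t)n);   /* n <= length: no overlap */
    w->length += n;
    w->in[w->length] = 0;
    return 0;
}

/* Small wrappers that return values, so the behaviour can be checked. */
static int dup_length(const char *src)
{
    struct word w;
    load_clamped(&w, src);
    return duplicate_word(&w) == 0 ? w.length : -1;
}

static int dup_matches(const char *src, const char *expect)
{
    struct word w;
    load_clamped(&w, src);
    if (duplicate_word(&w) != 0)
        return 0;
    return strcmp(w.in, expect) == 0;
}

static int unclamped_consistent(const char *src)
{
    struct word w;
    load_unclamped(&w, src);
    return length_consistent(&w);
}

static int unclamped_dup_status(const char *src)
{
    struct word w;
    load_unclamped(&w, src);
    return duplicate_word(&w);
}

int main(void)
{
    const char *longword = "abcdefghijklmnopqrst";   /* constructed, 20 chars */
    printf("clamped 'abc' -> length after dup: %d\n", dup_length("abc"));
    printf("clamped 10-char word -> length after dup: %d\n",
           dup_length("abcdefghij"));
    printf("unclamped 20-char word consistent? %d\n",
           unclamped_consistent(longword));
    printf("dup on unclamped 20-char word status: %d\n",
           unclamped_dup_status(longword));
    return 0;
}
```

With the unclamped loader, a 20-character input leaves length = 20 while in[] holds only 15 characters; duplicate_word catches that only because it re-checks length against WORD_SIZE, which is the kind of guard the original 'd' memcpy lacked. With the clamped loader the invariant holds and no re-check is needed, which is the point of the fix described above: once the buffer is truncated, the integer that other commands trust must be truncated with it.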
