Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 09 May 2006 20:14:46 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: john --format=NT segfaults when using wrong password file format

I've patched john-1.7.0.2 (using john-1.7-all-4.diff)
to support additional formats.

When trying john --format=NT with an incorrectly
formatted password file, john segfaults:

fd@...~/JtR/john-1.7.0.2-dummy/run> cat fdtest_LM-20
1:0123456789ABCDEF0123456789SBCDEF:0123456789ABCDEF9123456789ABCDEF

fd@...~/JtR/john-1.7.0.2-dummy/run> ./john --show --format=NT fdtest_LM
Speicherzugriffsfehler

fd@...~/JtR/john-1.7.0.2-dummy/run> gdb john
gdb>set args  --show --format=NT fdtest_LM
gdb>run
Starting program: /home/fd/JtR/john-1.7.0.2-dummy/run/john --show 
--format=NT fdtest_LM
(no debugging symbols found)...(no debugging symbols found)...(no debugging 
symbols found)...(no debugging symbols found)...(no debugging symbols 
found)...
Program received signal SIGSEGV, Segmentation fault.
0x08061709 in MD4_Final ()
gdb>bt
#0  0x08061709 in MD4_Final ()
#1  0xbfffeb5c in ?? ()
gdb>quit
The program is running.  Exit anyway? (y or n) y
fd@...~/JtR/john-1.7.0.2-dummy/run>

While this problem does not occur with correctly formatted password files,
a segfault should be avoided even if using arbitrary input.


Regards, Frank


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ