[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 09 May 2006 20:14:46 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: john --format=NT segfaults when using wrong password file format
I've patched john-1.7.0.2 (using john-1.7-all-4.diff)
to support additional formats.
When trying john --format=NT with an incorrectly
formatted password file, john segfaults:
fd@...~/JtR/john-1.7.0.2-dummy/run> cat fdtest_LM-20
1:0123456789ABCDEF0123456789SBCDEF:0123456789ABCDEF9123456789ABCDEF
fd@...~/JtR/john-1.7.0.2-dummy/run> ./john --show --format=NT fdtest_LM
Speicherzugriffsfehler
fd@...~/JtR/john-1.7.0.2-dummy/run> gdb john
gdb>set args --show --format=NT fdtest_LM
gdb>run
Starting program: /home/fd/JtR/john-1.7.0.2-dummy/run/john --show
--format=NT fdtest_LM
(no debugging symbols found)...(no debugging symbols found)...(no debugging
symbols found)...(no debugging symbols found)...(no debugging symbols
found)...
Program received signal SIGSEGV, Segmentation fault.
0x08061709 in MD4_Final ()
gdb>bt
#0 0x08061709 in MD4_Final ()
#1 0xbfffeb5c in ?? ()
gdb>quit
The program is running. Exit anyway? (y or n) y
fd@...~/JtR/john-1.7.0.2-dummy/run>
While this problem does not occur with correctly formatted password files,
a segfault should be avoided even if using arbitrary input.
Regards, Frank
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
