Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 May 2006 22:39:07 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: john --format=NT segfaults when using wrong password file format

On Tue, May 09, 2006 at 08:14:46PM +0200, Frank Dittrich wrote:
> When trying john --format=NT with an incorrectly
> formatted password file, john segfaults:
> 
> fd@...~/JtR/john-1.7.0.2-dummy/run> cat fdtest_LM-20
> 1:0123456789ABCDEF0123456789SBCDEF:0123456789ABCDEF9123456789ABCDEF
> 
> fd@...~/JtR/john-1.7.0.2-dummy/run> ./john --show --format=NT fdtest_LM
> Speicherzugriffsfehler

OK, I think this should be sufficient information for whoever will look
into this to reproduce the problem and fix the bug.  I am not sure who
will do that, though, since this contributed patch does not appear to
have a maintainer currently.  I'd rather invest my time into improving
the code that is currently in the official JtR - and into adding more
code in there.

> symbols found)...(no debugging symbols found)...(no debugging symbols 
> found)...
> Program received signal SIGSEGV, Segmentation fault.
> 0x08061709 in MD4_Final ()
> gdb>bt
> #0  0x08061709 in MD4_Final ()
> #1  0xbfffeb5c in ?? ()

I'm afraid that this is not useful at all.  You'd need to rebuild with
debugging symbols (-g) and with frame pointers (drop -fomit-frame-pointer)
for the backtrace to be useful.  It is obvious that the crash is _not_
in MD4_Final() and that the function was _not_ called from a location on
the stack.

> While this problem does not occur with correctly formatted password files,
> a segfault should be avoided even if using arbitrary input.

Indeed.  But this is just a contributed patch.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ