Date: Wed, 6 Sep 2006 23:42:39 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Re: "Extra" in incremental mode not fully working - john17 stuckdumped On Tue, Aug 29, 2006 at 01:35:41PM +0000, Radim wrote: > I couldn't help myself to provide additional info. I've tried my Extra option > with the official windows builds of john and I've managed to stackdump the > original 1.7 release with it: > --- > john17 -in:Alphacz4 --stdout > alphacz4.out > Warning: only 35 characters available > 3 [main] john17 2812 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION Yes, John 1.7 and below did not check for all possible misconfigurations of "incremental" mode settings or charset files, so you could make it crash like that. In your case, the misconfiguration is the use of characters beyond the compile-time CHARSET_MAX in Extra. JtR 18.104.22.168 and above includes extra sanity checking, so such crashes should not be possible anymore (except with external modes accessing out of bounds array locations). > The 22.214.171.124 is behaving better, but it still throws somewhat misleading message > with the official alpha.chr: > --- > Incorrect charset file format: alpha.chr Oh, yes, there's a bug: if (expand(allchars, extra ? extra : "", sizeof(allchars))) inc_format_error(charset); I used inc_format_error() on all expand() errors, which is correct for all but this one. "Extra" doesn't come from a .chr file, so this expand() call should be split into two - one to check allchars (which does come from a .chr file) and the other to add the Extra characters and check them. The error message on the second call's failure should be different. Thank you for the bug report! -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ