Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Mar 2007 20:36:33 +0100
From: Till Maas <opensource@...l.name>
To: john-users@...ts.openwall.com
Subject: Buffer Overflow warning with -fstack-protector and bigpatch 1.7.0.2
 (des3-cbc-sha1)

Hello,

I compiled john 1.7.0.2 with the following CFLAGS:
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables
And this patch:
http://www.openwall.com/john/contrib/john-1.7-all-4.diff.gz

When I run john -test, a buffer overflow is detected:

Benchmarking: Kerberos v5 TGT [krb5 3DES (des3-cbc-sha1)]... *** stack 
smashing detected ***: /usr/bin/john terminated

Program received signal SIGABRT, Aborted.
0x00870402 in __kernel_vsyscall ()
(gdb) bt
#0  0x00870402 in __kernel_vsyscall ()
#1  0x00459d40 in raise () from /lib/libc.so.6
#2  0x0045b591 in abort () from /lib/libc.so.6
#3  0x0048f33b in __libc_message () from /lib/libc.so.6
#4  0x00513a71 in __stack_chk_fail () from /lib/libc.so.6
#5  0x08055c15 in krb5_decrypt_compare () at KRB5_fmt.c:167
#6  0x0806394d in fmt_self_test (format=0x808b0e0) at formats.c:75
#7  0x0805da5b in benchmark_format (format=0x808b0e0, salts=256, 
results=0xbfc62ff0) at bench.c:104
#8  0x0805de1a in benchmark_all () at bench.c:239
#9  0x08066a56 in main (argc=2, argv=0xbfc63174) at john.c:280
#10 0x00446f2c in __libc_start_main () from /lib/libc.so.6
#11 0x0804a021 in _start ()

Btw. why are the patches distributed apart from john?

Regards,
Till

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ