Date: Sat, 31 Mar 2007 21:11:52 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: New MSCASH patch On Fri, Mar 30, 2007 at 05:27:38PM -0800, Alain Espinosa wrote: > I think that i forget to put the FMT_SPLIT_UNIFIES_CASE flag. > Please put it for me. I've added FMT_SPLIT_UNIFIES_CASE, increased the out buffer size in ms_split(), and added some bounds checking to ms_split() and valid(). I think that you had a buffer overflow there for usernames of longer than 5 characters. I'm not sure what the maximum username length is; I've used 32. I did not test this other than with "--test". Revision 4.1 with the above changes is in contrib/ and is linked from the web page. Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ