Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 31 Mar 2007 21:11:52 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New MSCASH patch

On Fri, Mar 30, 2007 at 05:27:38PM -0800, Alain Espinosa wrote:
> I think that i forget to put the FMT_SPLIT_UNIFIES_CASE flag.
> Please put it for me.

I've added FMT_SPLIT_UNIFIES_CASE, increased the out[] buffer size in
ms_split(), and added some bounds checking to ms_split() and valid().
I think that you had a buffer overflow there for usernames of longer
than 5 characters.  I'm not sure what the maximum username length is;
I've used 32.  I did not test this other than with "--test".

Revision 4.1 with the above changes is in contrib/ and is linked from
the web page.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ