Date: Wed, 29 Oct 2008 20:19:18 +0100
From: Till Maas <opensource@...l.name>
To: john-users@...ts.openwall.com
Subject: [PATCH] avoid stack smash for NETHALFLM / NET(HALF)LM cleanup

Hiyas,

john --test --format=NETHALFLM crashed on my Fedora system because of a 
smashed stack. The array lm was not big enough to hold the full key that is 
assigned to it with setup_des_key afaics. Attached is a patch that changes 
lm[7] to lm[8].

I used john-1.7.3.1 and john-1.7.3.1-all-5.diff.gz.

Btw. is there more documentation available about writing format extensions for 
john except the formats.h?

Also it should be possible to merge NETHALFLM_fmt.c and NETLM_fmt.c, because 
they are almost identical except for some constants and some improvements to 
NETHALFLM_fmt.c that were not merged into NETLM_fmt.c. I am not an 
experienced C programmer, so the best way to do this for me would be to create a 
file that contains all the common code, and only keep the #defines in the 
*_fmt.c files and then #include the common code. Would this be good or is 
there a better way to do this?


Regards,
Till

diff -up john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash john-1.7.3.1/src/NETHALFLM_fmt.c
--- john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash	2008-10-29 19:45:21.000000000 +0100
+++ john-1.7.3.1/src/NETHALFLM_fmt.c	2008-10-29 19:48:15.000000000 +0100
@@ -106,10 +106,10 @@ static void nethalflm_crypt_all(int coun
   static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
   DES_key_schedule ks;
   unsigned char password[7 + 1];
-  unsigned char lm[7];
+  unsigned char lm[8];
 
   /* clear buffers */
-  memset(lm, 0, 7);
+  memset(lm, 0, 8);
   memset(output, 0, 8);  
 
   strncpy((char *) password, saved_plain, 7);
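Review bot: the array size and the clear size are now hard-coded as 8 in two separate places (`unsigned char lm[8];` and `memset(lm, 0, 8);`); write `memset(lm, 0, sizeof(lm));` instead so the two cannot drift apart again. The original lm[7]/memset(lm, 0, 7) pair was internally consistent and still one byte short of what setup_des_key writes, so tying the memset to the declaration is what prevents a repeat. The hunk does not show the setup_des_key call, so the 8-byte requirement is taken from the cover message; a one-line comment on the declaration saying that lm receives the expanded 64-bit DES key would make the size self-explaining.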


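The overflow described above comes from the size difference between an LM-style 56-bit key and the 64-bit key block DES consumes. The following is an added illustration, not code from john or from the patch: it assumes setup_des_key performs the textbook 7-byte to 8-byte expansion (seven key bits per output byte, with the low bit reserved for DES parity), which the mailing-list message describes but does not show. The function names expand_des_key, set_odd_parity, des_key_roundtrip_ok and check_expansion_example are hypothetical, and the input vector is constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not john's setup_des_key): spread a 7-byte (56-bit)
 * key over the 8-byte (64-bit) layout DES expects. Output byte g holds key
 * bits 7g..7g+6 in bit positions 7..1; position 0 is the parity slot that
 * DES ignores. The destination is 8 bytes, which is why an lm[7] target is
 * one byte too small. */
void expand_des_key(const unsigned char key56[7], unsigned char key64[8])
{
    key64[0] = key56[0];
    key64[1] = (unsigned char)((key56[0] << 7) | (key56[1] >> 1));
    key64[2] = (unsigned char)((key56[1] << 6) | (key56[2] >> 2));
    key64[3] = (unsigned char)((key56[2] << 5) | (key56[3] >> 3));
    key64[4] = (unsigned char)((key56[3] << 4) | (key56[4] >> 4));
    key64[5] = (unsigned char)((key56[4] << 3) | (key56[5] >> 5));
    key64[6] = (unsigned char)((key56[5] << 2) | (key56[6] >> 6));
    key64[7] = (unsigned char)(key56[6] << 1);
}

/* Overwrite the low bit of each byte so every byte has odd parity, as
 * DES_set_odd_parity would. Returns the number of bytes whose parity
 * slot had to change. */
int set_odd_parity(unsigned char key64[8])
{
    int i, changed = 0;
    for (i = 0; i < 8; i++) {
        unsigned char b = (unsigned char)(key64[i] & 0xFE);
        unsigned char v = b;
        int ones = 0;
        while (v) { ones += v & 1; v >>= 1; }
        /* set the parity bit when the seven key bits hold an even count */
        unsigned char fixed = (unsigned char)(b | ((ones & 1) == 0));
        if (fixed != key64[i]) changed++;
        key64[i] = fixed;
    }
    return changed;
}

/* Invariant check: the upper 7 bits of each of the 8 output bytes must give
 * back the original 56 key bits regardless of what the parity slots hold.
 * Returns 1 on success, 0 on failure. */
int des_key_roundtrip_ok(const unsigned char key56[7])
{
    unsigned char key64[8];
    unsigned char back[7] = {0};
    int bit;

    expand_des_key(key56, key64);
    set_odd_parity(key64);
    for (bit = 0; bit < 56; bit++) {
        /* key bit i sits at key64[i/7], position 7 - (i % 7) */
        int set = (key64[bit / 7] >> (7 - (bit % 7))) & 1;
        back[bit / 8] |= (unsigned char)(set << (7 - (bit % 8)));
    }
    return memcmp(back, key56, 7) == 0;
}

/* Constructed vector: bytes 01..07 expand to 01 81 80 60 40 28 18 0E. */
int check_expansion_example(void)
{
    static const unsigned char key56[7] = {1, 2, 3, 4, 5, 6, 7};
    static const unsigned char expected[8] =
        {0x01, 0x81, 0x80, 0x60, 0x40, 0x28, 0x18, 0x0E};
    unsigned char key64[8];

    expand_des_key(key56, key64);
    return memcmp(key64, expected, 8) == 0;
}

int main(void)
{
    /* Mirrors the patched buffer layout: the expanded key needs 8 bytes,
     * and sizeof() keeps the clear size tied to the declaration. */
    unsigned char password[7 + 1];
    unsigned char lm[8];
    int i;

    memset(lm, 0, sizeof(lm));
    memset(password, 0, sizeof(password));
    strncpy((char *)password, "PASSWORD", 7);  /* constructed input */

    expand_des_key(password, lm);
    set_odd_parity(lm);
    for (i = 0; i < 8; i++)
        printf("%02x", lm[i]);
    printf("\nroundtrip ok: %d\n", des_key_roundtrip_ok(password));
    return 0;
}
```

The roundtrip function is the check worth keeping in a test suite: it reads only the seven key bits per byte, so it passes whether or not the parity slots have been normalised, and it fails loudly if anyone changes the expansion layout or shrinks the destination buffer.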