Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 12 Mar 2011 12:08:58 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: New update to md5-gen, AND changes to the john core 'format' structures. (diff posted to Wiki)

>From: magnum [mailto:rawsmooth@...dband.net]
>>> Fwiw I think I saw a misformatteded NT-format (using $NT$)
>>> hash file result in segfault
>> Please try to get an input file.  There is some strangeness in the NT
>Here is an input file that produce a segfault. 

Found and working on fix.  It was within loader.c  ldr_split_line()
function.  With changes made, that function worked directly with the
fmt_main->format item.  If there was a line that was not valid (the last 5
lines in the file you provided are not valid), then this pointer was changed
to a null.

Later, john would be told there WERE a number of values found, but then this
pointer is null, which would then be used and crash.

Found it.  I had removed the whole 'if' statement that people had complained
about for the 'options->single_salts'.  Well, that if still needs to be
there.  Just the internal if needs gone.  I have put this back into the
code, but have commented out the single_salts logic, which is logic I had
added a couple years ago, but which appears to only work properly on certain
formats.

if (*format) {
//	if (db_options->single_salts->head)
//	{
//		char *salt = (char*)(*format)->methods.salt(*ciphertext);
//		if (ldr_check_list(db_options->single_salts, salt,
*ciphertext))
//			return 0;
//	}
	return (*format)->methods.valid(*ciphertext);
}

I have added comments on the part needing removed.  With this change,
loader's ldr_split_line() is back working properly. The first 'found' format
is used from that point on.

Jim. 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.