Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 May 2011 13:53:57 -0500
From: "jfoug" <>
To: <>
Subject: RE: SSE bug still there in Jumbo-5-RC6++

>-----Original Message-----
>From: magnum []
>The mssql problem is fixed, patch uploaded to wiki.
>Actually I never found the exact cause. 

 static void mssql_init(struct fmt_main *pFmt)
 #ifdef MMX_COEF
 	memset(saved_key, 0, sizeof(saved_key));
-	saved_key = mem_alloc_tiny(PLAINTEXT_LENGTH*2 + 1, MEM_ALIGN_WORD);
+	saved_key = mem_alloc_tiny(PLAINTEXT_LENGTH*2 + 1 + SALT_SIZE,

This was fixed, without the OMP removal.  Same bug in the non MMX builds of
mssql05.  Memory overwrite if the password went over 23 bytes long.  In the
older code, 51 bytes were set aside. Then 23*2+4 == 50. However, plaintext
len was 25, so 24 and 25 char passes blew the buffer.  Prior to your change,
saved_key was a static buffer, and not alloc, but same type bug.  Down in
cryptall, we do a memcpy of the cursalt to past where the Unicode password


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.