Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 8 Nov 2011 16:02:34 -0600
From: "jfoug" <>
To: <>
Subject: RE: LM & NT prepare() segfaults

This was called on pot loading, in an attempt to match/deal with 'valid'
lines, in any valid format.



would all be seen as valid lines, that would scrub a hash at startup.   The
pot will ONLY have this format: $dynamic_0$01234567890123456789000:some_pass
written into it, but the prepare was added to try to 'unify' validity
checking of the pot file.  Also, if a user started with raw-md5, and later
used dynamic_0, then things would 'work' properly.  

 I will need to put a little time in to answer your question, but I believe
the only 2 fields 'required' would be the first 2.  Yes, we certainly would
need to add proper logic into lm/nt (or ANY prepare), to check if element 2
was null or not, prior to using it.

NOTE, in loader, all nulls get set to "", so it is likely that is the proper
thing to add to the pot loading.  Simply make sure that all array elements
past the first 2, are set to "".  There is NO information in the pot file
that can help the prepare function, beyond the first 2 elements anyway (both
of them being the hash.


>From: Solar Designer []
>Jim -
>With 0037-dynamic-split-addition-1.diff prepare() is now called not only
>for password files to crack, but also for pot entries.  (I don't know
>what you're doing this for, but that's another matter.)  This exposed
>the fact that implementations of prepare() just assume that their
>expected number of fields is available.  Specifically, LM's and NT's
>prepare() look for fields beyond the 2nd.  I've just introduced the
>obvious non-NULL checks into these two.
>What about the first two fields, though - should prepare() assume that
>these are always present?  Should loader.c be careful to only call
>prepare() when at least two fields are present?  Does it ensure that
>currently (I haven't checked)?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.