Date: Mon, 26 Mar 2012 10:18:32 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: [JtR patch] Fast cracker for Mozilla Firefox, Thunderbird and SeaMonkey master passwords. On 03/26/2012 10:14 AM, Dhiru Kholia wrote: > On Mon, Mar 26, 2012 at 12:20 PM, magnum <john.magnum@...hmail.com> wrote: >> On 03/26/2012 05:01 AM, Dhiru Kholia wrote: >> The KeyCrackData struct has char globalSalt but you read 24 bytes >> into it in line 122 of KeyDBCracker.c > > heh, All this code is from FireMasterLinux project. I will fix this > after work today. Thanks for noticing it. However, why is fseek > resulting in a segfault? It is quite puzzling. File handle and offset > are both valid. Because that buffer overrun of globalSalt overwrites the fd! So you are calling fseek with a trashed file descriptor. I suppose it should be globalSalt now. I see from the comments it has grown over time (with newer versions of Mozilla) from 16 but they forgot to bump the size in the struct. Problem is gone once this is fixed. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.