Date: Wed, 27 Jun 2012 12:21:06 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: SSH format crashes when built using "linux-x86-clang-debug"

On Wed, Jun 27, 2012 at 12:04:24PM +0530, Dhiru Kholia wrote:
> SSH format crashes when built using "linux-x86-clang-debug".
>
> $ ../run/john -format=ssh -t
> Benchmarking: SSH RSA/DSA (one 2048-bit RSA and one 1024-bit DSA key)
> [32/32]...
> ==5844== ERROR: AddressSanitizer global-buffer-overflow on address
> 0x0832f51f at pc 0x816a88b bp 0xbff25f58 sp 0xbff25f50

Can you provide a little bit of disassembly around this place?

> READ of size 1 at 0x0832f51f thread T0

Notice "size 1".

> $ addr2line -a 0x816a88b -e ../run/john
> 0x0816a88b
> /home/dsk/magnum-jumbo/src/bench.c:150
>
> bench.c line 150 ==> two_salts[index] = mem_alloc(format->params.salt_size);

I think this is wrong.  Maybe you ran addr2line on a different version of
the john binary or something.  That line should not involve any "size 1"
access.

> It seems the program is crashing when format->params.salt_size is
> accessed. Any ideas why this is happening?

I guess it does not.  Something else is happening.

I took a look at ssh_fmt.c and found an unrelated bug - patch attached.
The cracked array was not fully zeroized in OpenMP-enabled builds.  This
shouldn't have resulted in crashes, but rather in extra calls to
cmp_one() (performance impact when cracking more than one SSH key at
once, after the first key gets cracked).

Alexander

View attachment "john-ssh-cracked-size.diff" of type "text/plain" (1088 bytes)
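Added illustration (not code from this thread, from the attached diff, or from John the Ripper itself): a small C model of the "cracked array not fully zeroized under OpenMP" bug Solar describes, showing why the symptom is extra cmp_one() calls rather than a crash. The array is sized for MAX_KEYS_PER_CRYPT * OMP_SCALE candidates per crypt_all() call, as JtR formats do with OpenMP; the buggy variant clears only the non-OpenMP count. The constants, the names clear_cracked/cmp_one_calls_over_two_batches, and the memset-size shape of the bug are assumptions made for the example, since the actual patch is not shown on this page.

```c
/* Added example, not JtR's ssh_fmt.c: models per-candidate "cracked" flags
 * under OpenMP scaling and the cost of zeroizing too few of them between
 * batches. All sizes and names below are assumptions for illustration. */
#include <stdio.h>
#include <string.h>

#define MAX_KEYS_PER_CRYPT 1   /* assumed per-thread batch size */
#define OMP_SCALE          64  /* assumed OpenMP scaling factor */
#define BATCH (MAX_KEYS_PER_CRYPT * OMP_SCALE)  /* keys per crypt_all() with OpenMP */

static int cracked[BATCH];
static int cmp_one_calls;

/* Zeroize the flags for the coming batch. The buggy variant sizes the
 * memset by the non-OpenMP count, so only the first MAX_KEYS_PER_CRYPT
 * entries are cleared and anything set beyond that survives into the next
 * batch. */
static void clear_cracked(int fixed)
{
    if (fixed)
        memset(cracked, 0, sizeof(cracked[0]) * BATCH);
    else
        memset(cracked, 0, sizeof(cracked[0]) * MAX_KEYS_PER_CRYPT);
}

/* Stand-in for crypt_all(): candidate `hit` matches a key (none if hit < 0). */
static void crypt_all(int fixed, int hit)
{
    clear_cracked(fixed);
    if (hit >= 0 && hit < BATCH)
        cracked[hit] = 1;
}

/* cmp_all(): any candidate in the batch cracked something? */
static int cmp_all(void)
{
    int i;
    for (i = 0; i < BATCH; i++)
        if (cracked[i])
            return 1;
    return 0;
}

/* cmp_one(): did this particular candidate crack something? */
static int cmp_one(int index)
{
    cmp_one_calls++;
    return cracked[index];
}

/* Drives the cracker loop the way JtR does: cmp_all() first, and only when
 * it reports a hit, cmp_one() on every index. Runs two batches: the first
 * cracks index `hit`, the second has no match. Returns how many cmp_one()
 * calls were made in total. */
int cmp_one_calls_over_two_batches(int fixed, int hit)
{
    int batch, i;
    cmp_one_calls = 0;
    memset(cracked, 0, sizeof(cracked));
    for (batch = 0; batch < 2; batch++) {
        crypt_all(fixed, batch == 0 ? hit : -1);
        if (cmp_all())
            for (i = 0; i < BATCH; i++)
                cmp_one(i);
    }
    return cmp_one_calls;
}

int main(void)
{
    /* Stale flag at index 5 makes the second batch look like a hit too. */
    printf("buggy zeroization, hit at index 5: %d cmp_one() calls\n",
           cmp_one_calls_over_two_batches(0, 5));
    printf("fixed zeroization, hit at index 5: %d cmp_one() calls\n",
           cmp_one_calls_over_two_batches(1, 5));
    /* Index 0 lies inside the cleared range, so the bug is invisible here,
     * which is why a single-key -t benchmark would not show it. */
    printf("buggy zeroization, hit at index 0: %d cmp_one() calls\n",
           cmp_one_calls_over_two_batches(0, 0));
    return 0;
}
```

The second run shows the point Solar makes: once a key is cracked at an index the short memset never touches, every later batch passes cmp_all() and pays a full pass of cmp_one() calls, but nothing reads out of bounds, so ASan stays quiet. The ASan report in the original mail therefore has to come from somewhere else.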