Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Jun 2012 20:32:55 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: RAR cmp_one(3) failures (was: Raw SHA-1 and RAR3 SHA-1 AES FAILed self test on 32bit linux OMP builds)

On Thu, Jun 21, 2012 at 11:39:54PM +0200, magnum wrote:
> The RAR format actually has a known bug, it will sometimes fail at
> cmp_one(3) and I will give a beer to anyone that finds the culprit. It's 
> present in non-OMP CPU-only builds and any other ones too. But the 
> moment I grab my debugger, the bug crawls back under its' stone and 
> hides until I give up.
> 
> I just *hope* that if you pass the self-test, you will actually be safe 
> running a crack, but I am not sure. I have never seen a false negative 
> once passing self-test.
> 
> BTW, cmp_one(3) indicates the problems is with normal (-m3) -p archives, 
> that is, deflated ones without encrypted headers. So the problem *might* 
> be within unrar.c (the clamav stuff) or the inititalization / use of it. 
> I have gone through all of it a dozen times and I just can't find the 
> problem.

For me, the problem is now triggerable after about 10 or 20 invocations
of the OpenMP build, regardless of whether ASLR is enabled or not.  It
is _not_ triggerable in a non-OpenMP build on the same machine, again
regardless of ASLR.  Of course, this does not mean it would not appear
in a non-OpenMP build on another system.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.