Date: Sat, 30 Jun 2012 12:14:18 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: asan report On 2012-06-30 12:05, jfoug wrote: >> From: magnum Sent: Saturday, June 30, 2012 4:55 AM >> I think I see now. It's just the self-tests. For example, one self-test >> does: >> >> format->methods.set_key("", index); >> >> I think we should "fix" the self-tests, not the formats. If anything. > > I was just going to reply the same thing. > > We are reading past buffer, by up to 3 bytes, but properly detecting and > handling it internally. > > However, in the self test, we are dealing with const strings, of known size. > Thus, on a picky compiler, it will not allow this. Simple fix. Put a > buffer on stack in self test, large enough for the work, and use it. This > would also allow us to force a non-aligned input for the password also. I think we currently guarantee that the strings passed to set_key() are aligned unless ARCH_ALLOWS_UNALIGNED. There is extra code for this in wordlist.c when using buffer mode iirc. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.