Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Jun 2012 05:19:07 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: asan report

>From: magnum [mailto:john.magnum@...hmail.com]
>
>I think we currently guarantee that the strings passed to set_key() are
>aligned unless ARCH_ALLOWS_UNALIGNED. There is extra code for this in
>wordlist.c when using buffer mode iirc.

Then that is new code.  I used to simply read a file blob into memory,then
pretty much strtok("\r\n") the file to find line starts (was 'like' strtok).
However, I do not think I moved the data around at all.

This 'may' have changed, but I do not think so.  So I do not believe we have
every assured alignment of input passwords.  

Just looked. I do not see any alignment assurance code in there.

Jim

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.