Date: Sat, 30 Jun 2012 12:27:10 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: asan report

On 2012-06-30 12:19, jfoug wrote:
>> From: magnum [mailto:john.magnum@...hmail.com]
>>
>> I think we currently guarantee that the strings passed to set_key() are
>> aligned unless ARCH_ALLOWS_UNALIGNED. There is extra code for this in
>> wordlist.c when using buffer mode iirc.
> 
> Then that is new code.  I used to simply read a file blob into memory, then
> pretty much strtok("\r\n") the file to find line starts (was 'like' strtok).
> However, I do not think I moved the data around at all.

No, but it's taken care of later. See below.

> This 'may' have changed, but I do not think so.  So I do not believe we have
> ever assured alignment of input passwords.  
> 
> Just looked. I do not see any alignment assurance code in there.

This:

#if ARCH_ALLOWS_UNALIGNED
	const char *line = aligned.buffer[0];
#else
	// for unaligned, we have to strcpy INTO line, so we can not have it be 'const'
	char *line = aligned.buffer[0];
#endif

...

#if ARCH_ALLOWS_UNALIGNED
				line = words[nCurLine++];
#else
				strcpy(line, words[nCurLine++]);
#endif


magnum
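
The guarantee discussed in this message, as an added example that is not part of the original post or of the project's source: words taken from an in-memory blob start at arbitrary offsets, and on a strict-alignment build each one is copied into a union-aligned buffer before a set_key()-style consumer does a 32-bit load. The names `LINE_BUFFER_SIZE`, `blob`, `next_candidate` and `load_first_word` are hypothetical, the sample blob is constructed, and a bounded copy stands in for the quoted `strcpy`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: strict-alignment build; the real macro comes from the project. */
#ifndef ARCH_ALLOWS_UNALIGNED
#define ARCH_ALLOWS_UNALIGNED 0
#endif
#define LINE_BUFFER_SIZE 128 /* hypothetical size for this example */
/* The uint32_t member forces buffer[] onto a word boundary. */
static union {
	char buffer[LINE_BUFFER_SIZE];
	uint32_t w[LINE_BUFFER_SIZE / sizeof(uint32_t)];
} aligned;

/* Constructed sample: a word-aligned "file blob" already split at line
 * ends, so the second and third words start at offsets 2 and 6. */
static union { char text[16]; uint32_t align; } blob = { "a\0bcd\0password" };
static const char *words[] = { blob.text, blob.text + 2, blob.text + 6 };

static int is_word_aligned(const void *p)
{
	return (uintptr_t)p % sizeof(uint32_t) == 0;
}

/* Returns word n the way it would be handed to set_key(). */
static const char *next_candidate(size_t n)
{
#if ARCH_ALLOWS_UNALIGNED
	return words[n]; /* pointer straight into the blob */
#else
	/* Bounded copy (the quoted code uses strcpy) into the aligned buffer. */
	size_t len = strlen(words[n]);
	if (len >= sizeof(aligned.buffer))
		len = sizeof(aligned.buffer) - 1;
	memset(aligned.buffer, 0, sizeof(aligned.buffer));
	memcpy(aligned.buffer, words[n], len);
	return aligned.buffer;
#endif
}

/* set_key()-style consumer: does a 32-bit load, refuses a misaligned key. */
static int load_first_word(const char *key, uint32_t *out)
{
	if (!is_word_aligned(key))
		return 0;
	*out = *(const uint32_t *)key;
	return 1;
}
```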
