Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Jun 2012 05:42:48 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: asan report

>From: magnum [mailto:john.magnum@...hmail.com]
>Attached is a diff showing what I mean. But the same problem is also in
>all the hard-coded test vectors. Should we really fix this?

I was not even thinking of this one (but it certainly is another example).  

What I was thinking of doing, was to have a stack buffer, and strcpy the key
into this, prior to sending it to fmt->set_key();

Also, your null could simply have been 

char null[8] = {0};

All of the code I know about, would look up to 4 bytes past end of buffer
(if buffer was "").  It is all in SSE code.  But setting it to be 8 bytes,
would not hurt anything, and then if we later used 8 bytes (not sure we
would), then we would be covered.  No reason to alloc this.

For the key setting from the static data for a format test, I was thinking
something like:

+  char PW[PLAINTEXT_BUFFER_SIZE+1];

...

	format->methods.set_salt(salt);
+ 	strcpy(PW, current->plaintext);
+ 	format->methods.set_key(PW, index);
- 	format->methods.set_key(current->plaintext, index);

But as you mentioned on another thread, we may have to honor aligned, so PW
would need either allocated, or a pointer that points to the first align
boundary within PW.

Jim.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.