Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Jul 2012 09:41:32 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: plans for 1.7.9-jumbo-7, new formats interface, 1.8

Here is the bug:

Change

#include <openssl/md5.h>

To 

#include "md5.h"


NOTE, this will only impact certain builds.  However, it will impact them.
You need to use JtR's, ifdef logic in determining exactly 'what' md5 code to
use.

Jim.

>-----Original Message-----
>From: Dhiru Kholia [mailto:dhiru.kholia@...il.com]
>Sent: Monday, July 02, 2012 11:49 PM
>To: john-dev@...ts.openwall.com
>Subject: Re: [john-dev] plans for 1.7.9-jumbo-7, new formats interface,
>1.8
>
>On Tue, Jul 3, 2012 at 9:46 AM, jfoug <jfoug@....net> wrote:
>> Speaking of Radmin,  I get this when running under VC, in debug mode
>> (has stack checking on by default).  (-test=0)
>>
>> Benchmarking: RAdmin v2.x MD5 [32/32]...
>> (0) : Run-Time Check Failure #2 - Stack around the variable 'input'
>> was corrupted.
>> (0) : Run-Time Check Failure #2 - Stack around the variable 'ctx' was
>> corrupted.
>> So somewhere, we have some memory issues.  When I run a -test=1
>> -form=radmin I get a ton more of those messages.  From the 2 vars, it
>> looks like something in crypt_all.
>
>Can't reproduce this under clang-debug or gcc's -fstack-protector. I
>don't have a Windows development box to debug this. Can you please see
>what is wrong in crypt_all? (Try replacing strcpy with strncpy for a
>start).
>
>> One other big issue I see here, is when you allocate crypt_out, it
>> MUST be done MEM_ALIGN_WORD.  You later access this as a ARCH_WORD_32.
>> On systems that do not allow unaligned access (sparc for one), it will
>core.
>
>Fixed now. Thanks!
>
>--
>Cheers,
>Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.