Date: Mon, 16 Jul 2012 11:07:50 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: My audit of cracker, format, loader.c

Jim -

Thank you for your code reviews!

On Sun, Jul 15, 2012 at 04:49:49PM -0400, jfoug@....net wrote:
> I know it is 100% core. My point is the core code loses the validity
> checking that was in bleeding, which helped keep spurious fields from
> being loaded. The 2 calls to valid were put into prepare on purpose.
> They are not in core, but should be.

I dropped those two calls to valid() from LM's prepare() on purpose, because they looked redundant to me (and in more obscure cases where they are not strictly redundant, they appeared to be undesired). They still do. loader.c calls valid() on whatever prepare() returns anyway.

Can you explain how spurious fields were being loaded without those valid() calls, preferably by providing a very specific example (input file line that gets processed incorrectly without those checks, the corresponding "john" command-line, and desired vs. actual behavior)?

Thanks again,

Alexander