Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Aug 2012 23:09:25 -0500
From: "jfoug" <>
To: <>
Subject: RE: Serious wordlist.c bug fixed (all branches)

>From: Solar Designer []
>On Tue, Aug 14, 2012 at 10:15:09PM -0500, jfoug wrote:
>> A good way to find these ugly problems, is with a debugging allocation
>> The free will hammer the memory, before freeing it
>We can do this in the MEM_FREE() macro in memory.h in debugging builds,
> ********and we need to be using this macro consistently. ********

I agree with this line strongly.  Many have been using strdup, malloc,
realloc, free, etc.  Also, there often are allocations being done, when
there is no real need to do so.  There are memory leaks in JtR, and tracking
them down is not overly easy, with the multitude of different calls to
different allocation functions.

But I do agree, that the interfaces in memory.c/h SHOULD be the ones used.  

One other issue I have seen lately, is using things like (this one from
gpg's crypt_all)

int res;
int ks = keySize(cur_salt->cipher_algorithm);
int ds = digestSize(cur_salt->hash_algorithm);
unsigned char keydata[ds * ((ks + ds- 1) / ds)];

That last line is not portable.  I am not sure if there is some gcc flag
that would throw warnings on that one or not.

It 'could' be replaced with something like this (note I believe alloca
should be OMP safe)

unsigned char *keydata = alloca(ds * ((ks + ds- 1) / ds));

But I am not 100% sure on how portable that is either.  I have recently
posted fixes to a few of the very latest formats, where this was used,
converting all of them into alloca calls.  Alloca does the same thing,
simply 'adjusts' the stack frame, and then fixes it on function exit. It is
very likely that gcc is doing something almost exactly like alloca behind
the scene, on the first type (where a variable sized array is declared).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.