Date: Mon, 10 Sep 2012 22:25:16 +0530
From: Dhiru Kholia <>
Subject: Re: Cracking Office 2013 files with JtR

On Mon, Sep 10, 2012 at 10:13 PM, magnum <> wrote:
> On 2012-09-10 18:34, Dhiru Kholia wrote:
>> DeriveKey function can be changed so that it writes to a given static
>> buffer (Office 2010 and 2013 code path do it this way). No possibility
>> of memory leak then.
>> (3) Same applied for "static unsigned char*
>> GeneratePasswordHashUsingSHA1" function.
> I guess statics would be problematic for OMP, we need to pass buffer
> pointers from the caller here too.

Oops. I meant GeneratePasswordHashUsingSHA1 should write to a "fixed"
non-static array allocated on the caller's stack (this is done in
Office 2010 / 2013 code path).

> BTW, I just now committed some assertions (well, just warning output) in
> case DeriveKey() ends up not returning X1. Could that happen at all? If
> not, no harm done. If it *can* happen, we will now rather warn than
> segfault :)

I agree. At the end of DeriveKey, the following comment is present:

/* TODO: finish up this function */
return NULL;

So far, I have not hit this part of the code ;)

> I'll also verify all test hashes Rich supplied, or did you do that already?

IIRC I have tested "most" of Rich's test hashes but it would be great
if you could add them to format's self-test (along with file name for
tracking purposes). Thanks!
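
The buffer-ownership point discussed in the message above (a helper returning a pointer to a static buffer versus writing into an array on the caller's stack), as an added example that is not part of the original message and is not JtR's code. The names toy_digest, hash_static and hash_into are hypothetical, and toy_digest is a constructed stand-in for SHA-1 so the block has no library dependency.

```c
#include <stdint.h>
#include <string.h>

#define DIGEST_LEN 20 /* SHA-1 output size */
static const unsigned char SALT[4] = {1, 2, 3, 4}; /* constructed sample salt */

/* Constructed stand-in for SHA-1 (NOT a real hash), so the block needs no library. */
static void toy_digest(const char *pw, const unsigned char *salt, size_t n, unsigned char *out) {
    uint32_t h = 2166136261u; /* FNV-1a over the salt, then the password */
    size_t i;
    for (i = 0; i < n; i++) { h ^= salt[i]; h *= 16777619u; }
    for (i = 0; pw[i]; i++) { h ^= (unsigned char)pw[i]; h *= 16777619u; }
    for (i = 0; i < DIGEST_LEN / 4; i++) { h ^= (uint32_t)i; h *= 16777619u; memcpy(out + 4 * i, &h, 4); }
}

/* Pattern 1: every caller (and every OpenMP thread) shares this one static buffer. */
unsigned char *hash_static(const char *pw, const unsigned char *salt, size_t n) {
    static unsigned char buf[DIGEST_LEN];
    toy_digest(pw, salt, n, buf);
    return buf;
}

/* Pattern 2: the caller owns the buffer, so nothing is shared and nothing needs freeing. */
int hash_into(const char *pw, const unsigned char *salt, size_t n, unsigned char out[DIGEST_LEN]) {
    if (!pw || !salt || !out) return -1; /* status code instead of a NULL pointer result */
    toy_digest(pw, salt, n, out);
    return 0;
}

/* Returns 1 if a second call through the static pattern overwrote the first result. */
int static_result_clobbered(void) {
    unsigned char saved[DIGEST_LEN];
    unsigned char *a = hash_static("password1", SALT, sizeof SALT);
    memcpy(saved, a, DIGEST_LEN);
    return hash_static("password2", SALT, sizeof SALT) == a && memcmp(a, saved, DIGEST_LEN) != 0;
}

/* Returns 1 if two caller-owned buffers hold separate results for two candidates. */
int caller_buffers_independent(void) {
    unsigned char x[DIGEST_LEN], y[DIGEST_LEN];
    if (hash_into("password1", SALT, sizeof SALT, x) || hash_into("password2", SALT, sizeof SALT, y)) return 0;
    return memcmp(x, y, DIGEST_LEN) != 0;
}

int main(void) {
    return !(static_result_clobbered() && caller_buffers_independent()); /* exit 0 when both hold */
}
```

The overwrite shown here happens even in a single thread; with several OpenMP threads calling the static variant concurrently, the same shared buffer becomes a data race.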

