Date: Mon, 01 Oct 2012 04:15:07 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: Re: Static analysis of John using Coverity On 2012-09-19 03:22, magnum wrote: > Also, all (or nearly all) the mentioned formats use input files produced with *2john tools. The risk of bad input is low. Unfortunately most *2john tools either happily pass bad input through them or crash themselves or both. Examples are in my previous mail. It doesn't mean that everything have to be fixed in one day but thinking that 2john tools somehow guard john is just wrong. Some of these tools are a problem on their own. And the need to fix many formats poses interesting questions. Maybe more high-level function will be useful? There is base64.[ch], what about unhex? And such functions have to do sanity checks (like checking that inlen%4==0 in case of base64 or don't assume it). Or maybe generate valid()'s from some regexes by perl?.. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.