Date: Mon, 10 Dec 2012 03:41:14 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: fixing the valid() methods

On 10 Dec, 2012, at 3:11 , magnum <john.magnum@...hmail.com> wrote:
> On 10 Dec, 2012, at 1:27 , Solar Designer <solar@...nwall.com> wrote:
>> On Wed, Sep 19, 2012 at 01:15:37AM +0400, Alexander Cherepanov wrote:
>>> On 2012-09-17 01:23, Alexander Cherepanov wrote:
>>>> And I suspect that every format with trivial valid() -- there are
>>>> ~40-50 of them -- has buffer overflows in get_salt and/or similar
>>>> functions. You don't need a code analyzer to find them.
>>> 
>>> To have something for a start here are crashers for 36 formats:
>> ...
> 
> Here's a curious patch you can apply (do not commit) for breaking many formats' valid(). It just drops the last character of the ciphertext and calls valid() until there's nothing left. Problems will unfortunately be indicated by a segfault :-)
> 
> The first test that dies from this in a full test run is KRB4.

After fixing KRB4, DMG segfaults. This is one of the formats that got a "more robust valid()" days ago. Unfortunately it is still not robust.

Note btw that my "valid() killer" does not trigger all kinds of problems, basically just one.

magnum
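
The truncation test described in this message, as an added example that is not the patch from the thread and not John the Ripper code: it drops the last character of a ciphertext until nothing is left and counts how many truncated strings valid() still accepts, instead of waiting for a segfault. The `$demo$` format, the sample string and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed format, not a real JtR one: $demo$<16 hex salt>$<32 hex hash> */
#define TAG "$demo$"
#define TAG_LEN (sizeof(TAG) - 1)
#define HEX "0123456789abcdef"
#define SALT_HEX 16
#define HASH_HEX 32
#define SAMPLE "$demo$0123456789abcdef$00112233445566778899aabbccddeeff"

/* "Trivial" valid(): checks the tag only, so later parsing trusts the rest. */
static int valid_trivial(const char *ct)
{
    return strncmp(ct, TAG, TAG_LEN) == 0;
}

/* Strict valid(): every field length, separator and character set.
 * strspn() stops at the NUL, so nothing is read past the end of the string. */
static int valid_strict(const char *ct)
{
    if (strncmp(ct, TAG, TAG_LEN) != 0)
        return 0;
    ct += TAG_LEN;
    if (strspn(ct, HEX) != SALT_HEX || ct[SALT_HEX] != '$')
        return 0;
    ct += SALT_HEX + 1;
    return strspn(ct, HEX) == HASH_HEX && ct[HASH_HEX] == '\0';
}

/* Drop the last character until nothing is left; count what valid() accepts. */
static int accepted_truncations(int (*valid)(const char *), const char *ct)
{
    char buf[128];
    size_t len = strlen(ct);
    int accepted = 0;
    if (len >= sizeof(buf))
        return -1; /* sample too long for this harness */
    memcpy(buf, ct, len + 1);
    while (len > 0) {
        buf[--len] = '\0';
        accepted += valid(buf);
    }
    return accepted;
}

int main(void)
{
    int s = accepted_truncations(valid_strict, SAMPLE);
    printf("trivial: %d, strict: %d\n", accepted_truncations(valid_trivial, SAMPLE), s);
    return 0;
}
```

Every truncation that valid() accepts is a string that get_salt and similar functions would then parse as if it were complete, so for a fixed-length format the count should be zero.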
