Date: Mon, 10 Dec 2012 08:43:39 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: fixing the valid() methods On Monday 10 December 2012 08:39 AM, magnum wrote: > On 10 Dec, 2012, at 4:06 , magnum <john.magnum@...hmail.com> wrote: >> On 10 Dec, 2012, at 3:52 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >>> On Monday 10 December 2012 08:11 AM, magnum wrote: >>>> On 10 Dec, 2012, at 3:11 , magnum <john.magnum@...hmail.com> wrote: >>>>> After fixing KRB4, DMG segfaults. This is one of the formats that got a "more robust valid()" days ago. Unfortunately it is still not robust. Note btw that my "valid() killer" does not trigger all kinds of problems, basically just one. magnum >>> LOL. My patches to valid were not very good but they are getting better. >>> >>> Can you try crashing RACF format? I am (slightly) more confident about it. >> I think it will survive most anything, but you reject on tag mismatch before doing the strdup(). > That should have read "you *should* reject on tag mismatch"... > + if (strncmp(ciphertext, "$racf$*", 7)) + goto err; I do that already. Is the code above good enough?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.