Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Dec 2012 08:43:39 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: fixing the valid() methods

On Monday 10 December 2012 08:39 AM, magnum wrote:
> On 10 Dec, 2012, at 4:06 , magnum <john.magnum@...hmail.com> wrote:
>> On 10 Dec, 2012, at 3:52 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>>> On Monday 10 December 2012 08:11 AM, magnum wrote:
>>>> On 10 Dec, 2012, at 3:11 , magnum <john.magnum@...hmail.com> wrote:
>>>>> After fixing KRB4, DMG segfaults. This is one of the formats that got a "more robust valid()" days ago. Unfortunately it is still not robust. Note btw that my "valid() killer" does not trigger all kinds of problems, basically just one. magnum
>>> LOL. My patches to valid were not very good but they are getting better.
>>>
>>> Can you try crashing RACF format? I am (slightly) more confident about it.
>> I think it will survive most anything, but you reject on tag mismatch before doing the strdup().
> That should have read "you *should* reject on tag mismatch"...
>
+       if (strncmp(ciphertext, "$racf$*", 7))
+               goto err;

I do that already. Is the code above good enough?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.