[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 10 Dec 2012 07:39:38 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: fixing the valid() methods
On 10 Dec, 2012, at 4:13 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Monday 10 December 2012 08:39 AM, magnum wrote:
>> On 10 Dec, 2012, at 4:06 , magnum <john.magnum@...hmail.com> wrote:
>>> On 10 Dec, 2012, at 3:52 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>>>> On Monday 10 December 2012 08:11 AM, magnum wrote:
>>>>> On 10 Dec, 2012, at 3:11 , magnum <john.magnum@...hmail.com> wrote:
>>>>>> After fixing KRB4, DMG segfaults. This is one of the formats that got a "more robust valid()" days ago. Unfortunately it is still not robust. Note btw that my "valid() killer" does not trigger all kinds of problems, basically just one. magnum
>>>> LOL. My patches to valid were not very good but they are getting better.
>>>>
>>>> Can you try crashing RACF format? I am (slightly) more confident about it.
>>> I think it will survive most anything, but you reject on tag mismatch before doing the strdup().
>> That should have read "you *should* reject on tag mismatch"...
>>
> + if (strncmp(ciphertext, "$racf$*", 7))
> + goto err;
>
> I do that already. Is the code above good enough?
To be picky you could return 0 instead of goto err - there's nothing to free.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
