Date: Mon, 10 Dec 2012 07:57:18 +0100 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: fixing the valid() methods On 10 Dec, 2012, at 7:39 , magnum <john.magnum@...hmail.com> wrote: > On 10 Dec, 2012, at 4:13 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> On Monday 10 December 2012 08:39 AM, magnum wrote: >>> On 10 Dec, 2012, at 4:06 , magnum <john.magnum@...hmail.com> wrote: >>>> On 10 Dec, 2012, at 3:52 , Dhiru Kholia <dhiru.kholia@...il.com> wrote: >>>>> On Monday 10 December 2012 08:11 AM, magnum wrote: >>>>>> On 10 Dec, 2012, at 3:11 , magnum <john.magnum@...hmail.com> wrote: >>>>>>> After fixing KRB4, DMG segfaults. This is one of the formats that got a "more robust valid()" days ago. Unfortunately it is still not robust. Note btw that my "valid() killer" does not trigger all kinds of problems, basically just one. magnum >>>>> LOL. My patches to valid were not very good but they are getting better. >>>>> >>>>> Can you try crashing RACF format? I am (slightly) more confident about it. >>>> I think it will survive most anything, but you reject on tag mismatch before doing the strdup(). >>> That should have read "you *should* reject on tag mismatch"... >>> >> + if (strncmp(ciphertext, "$racf$*", 7)) >> + goto err; >> >> I do that already. Is the code above good enough? > > To be picky you could return 0 instead of goto err - there's nothing to free. Is RACF really case significant? The test vectors are all uppercase. Maybe the format should not have FMT_CASE but instead uppercase its input in set_key()? It might not even be FMT_8_BIT for that matter. If it is, such uppercasing should be made encoding aware (just use enc_strupper() from unicode.h). Also, I believe RACF's valid() should reject lowercase hex hashes, or split should uppercase them. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.