Date: Mon, 10 Dec 2012 03:11:55 +0100
From: magnum <>
Subject: Re: fixing the valid() methods

On 10 Dec, 2012, at 1:27 , Solar Designer <> wrote:
> On Wed, Sep 19, 2012 at 01:15:37AM +0400, Alexander Cherepanov wrote:
>> On 2012-09-17 01:23, Alexander Cherepanov wrote:
>>> And I suspect that every format with trivial valid() -- there are
>>> ~40-50 of them --  have buffer overflows in get_salt and/or similar
>>> functions. You don't need a code analyzer to find them.
>> To have something for a start here are crashers for 36 formats:
> ...

Here's a curious patch you can apply (do not commit) for breaking many formats' valid(). It just drops the last character of the ciphertext and calls valid() until there's nothing left. Problems will unfortunately be indicated by a segfault :-)

The first test that dies from this in a full test run is KRB4.


Download attachment "0001-Self-test-valid-killer-that-unfortunately-will-produ.patch" of type "application/octet-stream" (1006 bytes)
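
The truncation test described in the message above, as an added example that is not the attached patch and not John the Ripper code: the `$demo$` format, both `valid_*` functions and `accepted_truncations()` are hypothetical names constructed here. Instead of waiting for a segfault, it counts the truncated strings a `valid()` accepts, each of which is input that later parsing such as `get_salt()` would then receive.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical format, constructed for this example:
 * "$demo$" + 8 hex digits of salt + "$" + 32 hex digits of hash. */
#define TAG      "$demo$"
#define TAG_LEN  6
#define SEP_POS  (TAG_LEN + 8)
#define FULL_LEN (SEP_POS + 1 + 32)
static const char GOOD[] = "$demo$0123abcd$00112233445566778899aabbccddeeff";

/* Trivial valid(): looks at the tag only. */
static int valid_trivial(const char *ct) {
    return strncmp(ct, TAG, TAG_LEN) == 0;
}

/* Strict valid(): exact length, separator position, hex digits elsewhere. */
static int valid_strict(const char *ct) {
    size_t i;
    if (strncmp(ct, TAG, TAG_LEN) != 0 || strlen(ct) != (size_t)FULL_LEN ||
        ct[SEP_POS] != '$')
        return 0;
    for (i = TAG_LEN; i < (size_t)FULL_LEN; i++)
        if (i != (size_t)SEP_POS && !isxdigit((unsigned char)ct[i]))
            return 0;
    return 1;
}

/* Drop the last character repeatedly and call valid() on each prefix.
 * Returns how many truncated strings were accepted (0 is the goal),
 * or -1 if the sample does not fit the local buffer. */
static int accepted_truncations(int (*valid)(const char *), const char *good) {
    char buf[128];
    size_t len = strlen(good);
    int accepted = 0;
    if (len >= sizeof(buf)) return -1;
    memcpy(buf, good, len + 1);
    while (len > 0) {
        buf[--len] = '\0';
        if (valid(buf)) accepted++;
    }
    return accepted;
}

int main(void) {
    printf("trivial: %d accepted\n", accepted_truncations(valid_trivial, GOOD));
    printf("strict:  %d accepted\n", accepted_truncations(valid_strict, GOOD));
    return 0;
}
```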
