Date: Sat, 29 Dec 2012 22:39:20 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: New self-test for maximum length (was: Formats dmg, encfs and strip crash on longer passwords) On Sat, Dec 29, 2012 at 10:23 PM, magnum <john.magnum@...hmail.com> wrote: > I just threw this in with devastating results: > > commit f49d2c56531de71da2a03c0e28c8bc939cce376b > Author: magnum <john.magnum@...hmail.com> > Date: Sat Dec 29 17:25:46 2012 +0100 > > formats.c: Add a self-test that puts maximum length candidates in all > buffer positions and then read them back to verify. This finds incorrect > claims of PLAINTEXT_SIZE as well as most kinds of key buffer over-runs. > It found 15 problematic formats right away. > > I have no idea why I did not get the idea long ago. Unlike the "valid() killer" test that is only active with -DDEBUG, this one doesn't seem prone to segfault so it's always active. This is the current results on my 64-bit machine: > 15 out of 198 tests have FAILED Surprisingly most of my formats passed. I got scared when I did a "git pull" and saw the commit message. > All these are probably real bugs. As you can see, some formats do not get any error within the new test but later - this indicates worse problems than just fence post errors. > > I will start looking into raw-md4 and sapB (because they might be my fault). Any other volunteers please post here before starting to debug a format, so we avoid double work. I am picking IKE, RAdmin and TrueCrypt. -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.