Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2012 22:39:20 +0530
From: Dhiru Kholia <>
Subject: Re: New self-test for maximum length (was: Formats dmg,
 encfs and strip crash on longer passwords)

On Sat, Dec 29, 2012 at 10:23 PM, magnum <> wrote:
> I just threw this in with devastating results:
> commit f49d2c56531de71da2a03c0e28c8bc939cce376b
> Author: magnum <>
> Date:   Sat Dec 29 17:25:46 2012 +0100
>     formats.c: Add a self-test that puts maximum length candidates in all
>     buffer positions and then read them back to verify. This finds incorrect
>     claims of PLAINTEXT_SIZE as well as most kinds of key buffer over-runs.
>     It found 15 problematic formats right away.
> I have no idea why I did not get the idea long ago. Unlike the "valid() killer" test that is only active with -DDEBUG, this one doesn't seem prone to segfault so it's always active. This is the current results on my 64-bit machine:
> 15 out of 198 tests have FAILED

Surprisingly most of my formats passed. I got scared when I did a "git
pull" and saw the commit message.

> All these are probably real bugs. As you can see, some formats do not get any error within the new test but later - this indicates worse problems than just fence post errors.
> I will start looking into raw-md4 and sapB (because they might be my fault). Any other volunteers please post here before starting to debug a format, so we avoid double work.

I am picking IKE, RAdmin and TrueCrypt.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.