Date: Tue, 29 Jan 2013 01:09:01 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: dmg2john

Dhiru, Milen -

dmg2john is in bad shape now. Here are some issues:

1. It's not being built by default. "make dmg2john" builds it, but this should be made the default.

2. It's not integrated into "john", to be similar with other *2john tools. It becomes a separate binary executable. Perhaps we need to integrate it, since it has no dependencies on extra libs.

3. The return values from lseek() are not checked. They must be!

4. The return values from read() are either not checked or are checked incorrectly. "<= 0" is not it. read() may also return with partial data. We need to use a read_loop() function (see popa3d), or at the very least detect the partial reads and refuse to work if so. Alternatively, we may switch to using "FILE *" and the f*() functions.

5. As also spotted by Milen:

<@gat3way> @jmgosney @jeremiahg @DhiruKholia @solardiz Hm I think I found the problem....cno = ceil(header2.datasize / 4096.0) - 2; cno is int

We must not do any floating-point math. When header2.datasize is large, there may be precision loss here, and the resulting value may be other than what we expect. We should express this without resorting to floating-point intermediate values:

	cno = (header2.datasize + 4095) / 4096 - 2;

Milen - is this what you meant, too?

Thanks,

Alexander
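
Added example, not part of the original message and not code from John the Ripper or popa3d: one way to write the checks that points 3 to 5 ask for. The names read_at() and chunk_no(), the uint64_t type for the data size, and the sample value in main() are assumptions for illustration; read_loop() only borrows the name mentioned above.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly count bytes unless EOF or an error intervenes.
 * Returns bytes read (a short count means EOF) or -1 on error. */
ssize_t read_loop(int fd, void *buf, size_t count)
{
    size_t done = 0;
    while (done < count) {
        ssize_t n = read(fd, (char *)buf + done, count - done);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted before any data: retry */
            return -1;
        }
        if (n == 0)
            break;             /* EOF */
        done += (size_t)n;     /* partial read: keep going */
    }
    return (ssize_t)done;
}

/* Seek and read, refusing to proceed on a failed seek or a short read. */
int read_at(int fd, off_t off, void *buf, size_t count)
{
    if (lseek(fd, off, SEEK_SET) == (off_t)-1)
        return -1;
    return read_loop(fd, buf, count) == (ssize_t)count ? 0 : -1;
}

/* Integer form of ceil(datasize / 4096.0) - 2, written so that the
 * rounding-up step cannot wrap for datasize near UINT64_MAX. */
int64_t chunk_no(uint64_t datasize)
{
    return (int64_t)(datasize / 4096 + (datasize % 4096 != 0)) - 2;
}

int main(void)
{
    uint64_t big = (UINT64_C(1) << 53) + 1;  /* constructed: not exact as a double */
    printf("integer: %lld\n", (long long)chunk_no(big));
    /* the quotient is already integral here, so ceil() would not change it */
    printf("float:   %.0f\n", (double)big / 4096.0 - 2);
    return 0;
}
```

chunk_no() gives the same result as the (datasize + 4095) / 4096 - 2 expression whenever that addition does not wrap; for the constructed value the two printed results differ by one.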