Date: Tue, 09 Apr 2013 13:26:40 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: Re: testing all valid()s On 2013-04-09 01:36, Dhiru Kholia wrote: > Strange. I fixed the mozilla format earlier today. There are no checks for lengths of fields in mozilla format so that they could easily overflow fixed-sized buffers in KeyCrackData structure. And john crashed at least on this: $mozilla$*3*1*1*00*1*00*255*000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000*1*00 Another problem is that salt_struct->keyCrackData.oidLen (instead of salt_struct->keyCrackData.encDataLen) is used as a length for salt_struct->keyCrackData.encData in get_salt. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.