Date: Tue, 9 Apr 2013 20:56:40 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com Subject: Re: testing all valid()s On Tue, Apr 9, 2013 at 2:56 PM, Alexander Cherepanov <cherepan@...me.ru> wrote: > On 2013-04-09 01:36, Dhiru Kholia wrote: >> Strange. I fixed the mozilla format earlier today. > > There are no checks for lengths of fields in mozilla format so that they > could easily overflow fixed-sized buffers in KeyCrackData structure. And > john crashed at least on this: I have fixed this problem now in commit 82beaf39. (I should fix other formats which have similar problem). > > Another problem is that salt_struct->keyCrackData.oidLen (instead of > salt_struct->keyCrackData.encDataLen) is used as a length for > salt_struct->keyCrackData.encData in get_salt. Good catch! Fixed :-) -- Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.