Date: Sun, 14 Apr 2013 01:21:05 +0200
From: Frank Dittrich <>
Subject: Re: testing all valid()s

On 04/11/2013 02:28 AM, magnum wrote:
> With a full for loop as above (including all GPU formats), I see these crashes (crypt is fine):
> dyna
> dynamic_21

For me, crypt still crashes on 32bit, linux-x86-native and linux-x86-clang.
Offending line:

BTW: Building linux-x86-clang-debug fails on Fedora 18 with
/usr/bin/ld: cannot find
/usr/bin/../lib/clang/3.2/lib/linux/libclang_rt.asan-i386.a: No such
file or directory
clang: error: linker command failed with exit code 1 (use -v to see
make[1]: *** [../run/john] Error 1
make: *** [linux-x86-clang-debug] Error 2
It also produces lots of warnings:
clang: warning: argument '-faddress-sanitizer' is deprecated, use
'-fsanitize=address' instead
If I try to adjust the Makefile, I avoid these warnings, but linking
still fails with the same error.
So far, I didn't find out what Fedora package might contain the missing

I only thought of further reducing the test case after building linux

Reduced test case -  crash.crypt file used with linux-x86-sse build

./john --max-run-time=1 --format=crypt crash.crypt; echo $?
Segmentation fault (core dumped)

Built with debug info:

$ gdb ./john
GNU gdb (GDB) Fedora (7.5.1-37.fc18)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
Reading symbols from /home/fd/git/JohnTheRipper/run/john...done.
(gdb) run --max-run-time=1 --format=crypt crash.crypt
Starting program: /home/fd/git/JohnTheRipper/run/john --max-run-time=1
--format=crypt crash.crypt
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/".

Program received signal SIGSEGV, Segmentation fault.
0x4a400a96 in __strlen_sse2 () from /lib/
Missing separate debuginfos, use: debuginfo-install
glibc-2.16-30.fc18.i686 keyutils-libs-1.5.5-3.fc18.i686
krb5-libs-1.10.3-14.fc18.i686 libcom_err-1.42.5-1.fc18.i686
libgcc-4.7.2-8.fc18.i686 libselinux-2.1.12-7.3.fc18.i686
nspr-4.9.5-2.fc18.i686 nss-3.14.3-1.fc18.i686
nss-softokn-freebl-3.14.3-1.fc18.i686 nss-util-3.14.3-1.fc18.i686
openssl-libs-1.0.1e-4.fc18.i686 pcre-8.31-4.fc18.i686 zlib-1.2.7-9.fc18.i686
(gdb) bt
#0  0x4a400a96 in __strlen_sse2 () from /lib/
#1  0x0816b5ac in valid (ciphertext=0xbffceef4 "$B$$000000000",
self=0x824de80 <fmt_crypt>) at c3_fmt.c:194
#2  0x0815342e in ldr_split_line (login=0xbffcee8c,
ciphertext=0xbffcee88, gecos=0xbffcee84, home=0xbffcee80,
    source=0x0, format=0x832666c <database+44>, db_options=0x844e934,
line=0x0) at loader.c:374
#3  0x08153684 in ldr_load_pw_line (db=0x8326640 <database>,
line=0xbffceef4 "$B$$000000000") at loader.c:458
#4  0x081529cb in read_file (db=0x8326640 <database>, name=0x83c7070
"crash.crypt", flags=2,
    process_line=0x815363a <ldr_load_pw_line>) at loader.c:83
#5  0x08153c0a in ldr_load_pw_file (db=0x8326640 <database>,
name=0x83c7070 "crash.crypt") at loader.c:610
#6  0x08151644 in john_load () at john.c:508
#7  0x08151bca in john_init (name=0xbffff2ee "john", argc=4,
argv=0xbffff104) at john.c:701
#8  0x081526cb in main (argc=4, argv=0xbffff104) at john.c:993

For some reason, new_ciphertext still points to 0x0 in c3_fmt.c line 194.
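
The failure mode in the backtrace above (strlen() reached with a NULL pointer inside valid()), shown as an added example that is not part of the original post and is not JtR's code. It assumes new_ciphertext holds the result of a crypt(3)-style call, which POSIX allows to return NULL on failure; stub_crypt and valid_checked are hypothetical names, and the stub stands in for the system crypt() so the block runs anywhere.

```c
#include <stdio.h>
#include <string.h>

/* crypt(3)-shaped function: returns NULL when it cannot handle the salt. */
typedef const char *(*crypt_fn)(const char *key, const char *salt);

static const char SALT_CHARS[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Constructed stand-in for the system crypt(3): accepts only a 2-character
 * salt from the traditional alphabet and returns a fake 13-character hash. */
static const char *stub_crypt(const char *key, const char *salt)
{
    static char out[14];
    (void)key;
    if (!salt[0] || !salt[1] ||
        !strchr(SALT_CHARS, salt[0]) || !strchr(SALT_CHARS, salt[1]))
        return NULL;
    memset(out, '.', 13);
    out[0] = salt[0];
    out[1] = salt[1];
    out[13] = '\0';
    return out;
}

/* Hardened check (hypothetical): test the returned pointer before strlen()
 * touches it, then require same length and same 2-character salt prefix. */
static int valid_checked(const char *ciphertext, crypt_fn hash)
{
    const char *new_ciphertext = hash("", ciphertext);

    if (new_ciphertext == NULL)
        return 0; /* salt rejected by the hashing call: not loadable */
    return strlen(new_ciphertext) == strlen(ciphertext) &&
           strncmp(new_ciphertext, ciphertext, 2) == 0;
}

int main(void)
{
    /* The line from crash.crypt in the backtrace: rejected, no crash. */
    printf("%d\n", valid_checked("$B$$000000000", stub_crypt));
    /* Constructed 13-character sample with a supported salt: accepted. */
    printf("%d\n", valid_checked("ab01234567890", stub_crypt));
    return 0;
}
```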

