Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Apr 2013 11:40:22 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: simple issue to possibly fix

From: johnuser [mailto:johnuser1243@...oo.com] 
>[quote]
>You should be able to fix that. Look in dynamic_utils.c, around line 165.
>
>Code:
>
>cpx += sprintf(cpx, "%x", *cp++);
>
>should be
>
>cpx += sprintf(cpx, "%02x", *cp++);
>[/quote]

That is certainly a bug, and appears that the %02x is the proper fix.  The
size of the buffer already had enough bytes added (double compute of the
strlen(cp)), so there is enough memory. The %x worked fine for any byte
larger than 0x0F.  However, lower bytes that were mangled as shown, and my
testing during development did not catch this.

This was a somewhat 'late' addon, to work around other issues, like ':', \r
\n (and even '$') being in the salt, which were breaking the .pot file.  

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.