Date: Wed, 24 Apr 2013 14:56:19 -0500 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: testing all valid()s This should fix all of the dynamic issues listed (and others not listed). #2 dynamic_1001 #3 all Fixed: VC port of snprintf now in misc.h and snprintf will 'map' to sprintf_s The VC _snprintf function does not null terminate an overflow, but sprintf_s does, and has same signature. Thc count part of the salt, is now validated in valid, for phpass. All non salted formats now fail validation if there is anything other than the hash number. static buffer overflow, and improper re-use, fixed in prepare(). over long strings not processed in prepare and split. $B$ signature checked for now in mediawiki, Convert. I will get a patch together for bleeding shortly. Same bugs fixed, but patch will be different. Jim. From: Alexander Cherepanov Sent: Tuesday, April 23, 2013 20:00 >On 2013-04-23 18:55, Alexander Cherepanov wrote: >> I'll will gather it all together and post it a bit later. > >Here it is. Only unstable is checked, bleeding is for later. Download attachment "JtR-unstable-dynamic-valid.patch" of type "application/octet-stream" (7577 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.