Date: Wed, 24 Apr 2013 14:56:19 -0500
From: "jfoug" <>
To: <>
Subject: RE: testing all valid()s

This should fix all of the dynamic issues listed (and others not listed).

#2 dynamic_1001
#3 all


VC port of snprintf now in misc.h and snprintf will 'map' to sprintf_s. The
VC _snprintf function does not null terminate an overflow, but sprintf_s
does, and has same signature.

The count part of the salt is now validated in valid, for phpass.

All non salted formats now fail validation if there is anything other than
the hash number.

Static buffer overflow, and improper re-use, fixed in prepare().

Overlong strings not processed in prepare and split.

$B$ signature checked for now in mediawiki, Convert.

I will get a patch together for bleeding shortly.  Same bugs fixed, but
patch will be different.


From: Alexander Cherepanov Sent: Tuesday, April 23, 2013 20:00
>On 2013-04-23 18:55, Alexander Cherepanov wrote:
>> I will gather it all together and post it a bit later.
>Here it is. Only unstable is checked, bleeding is for later.

Download attachment "JtR-unstable-dynamic-valid.patch" of type "application/octet-stream" (7577 bytes)
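
Added example (not part of the original message, and not John the Ripper code): a stand-alone C check of the kind a phpass valid() performs, covering the count character and the rejection of overlong or trailing input mentioned above. The name phpass_valid, the raw $P$/$H$ input form and the 7..30 count range (the range the phpass reference implementation accepts) are assumptions; the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* phpass base-64 alphabet; a character's index is its 6-bit value. */
static const char ITOA64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

#define PHPASS_LEN 34 /* 3 (tag) + 1 (count) + 8 (salt) + 22 (hash) */

/* Return the 6-bit value of c, or -1 if c is not in the alphabet. */
static int itoa64_index(char c)
{
    /* strchr() would match the terminator for c == '\0', so exclude it. */
    const char *p = c ? strchr(ITOA64, c) : NULL;
    return p ? (int)(p - ITOA64) : -1;
}

/* Hypothetical validator: 1 if s is a well-formed phpass hash, else 0. */
int phpass_valid(const char *s)
{
    size_t i;
    int count_log2;

    /* Exact length: short input, overlong input and trailing data all fail. */
    if (s == NULL || strlen(s) != PHPASS_LEN)
        return 0;
    if (strncmp(s, "$P$", 3) != 0 && strncmp(s, "$H$", 3) != 0)
        return 0;
    /* The count character encodes log2 of the iteration count. */
    count_log2 = itoa64_index(s[3]);
    if (count_log2 < 7 || count_log2 > 30)
        return 0;
    /* Salt (8 chars) and hash (22 chars) must come from the alphabet. */
    for (i = 4; i < PHPASS_LEN; i++)
        if (itoa64_index(s[i]) < 0)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample strings, not real hashes. */
    const char *ok = "$P$9saltsalthashhashhashhashhashha";
    const char *bad_count = "$P$.saltsalthashhashhashhashhashha";
    printf("%d %d\n", phpass_valid(ok), phpass_valid(bad_count));
    return 0;
}
```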
