Message-ID: <517CEB2D.2080606@mccme.ru>
Date: Sun, 28 Apr 2013 13:26:05 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s
On 2013-04-28 03:17, magnum wrote:
>>>>> 4. Strange crash (it doesn't occur with --format):
>>>>>
>>>>> ./john crash_wpapsk.txt
>>>>
>>>> Actually this seems to not be related to wpapsk format, john crashes
>>>> in formspring.
>>>
>>> Well, patch attached.
>>
>> I confirm, thanks, lesson learned.
>
> So your formspring problem is gone now? That is a surprise to me because wpapsk loads later than that. Or maybe you did not have Jim's latest fixes? If that was it, we are probably set now.
Actually it's not that surprising:
- the crash doesn't happen with --format, so it's a result of formats
interacting;
- the crash happens when john reads something with the $WPAPSK$ prefix and
changing the prefix makes the crash go away, so the wpapsk format is the first suspect;
- valid() in wpapsk calls decode_hccap, which contains a straightforward
static buffer overflow ("copy essid to hccap"), so what remains is to
check that a fix for the buffer overflow cures the crash.
Why doesn't the wpapsk format crash? It checks for overly long essids and
rejects these hashes. But it's too late and the harm is done.
Why does the formspring format crash? Probably some of its important static
variables are overwritten by the buffer overrun in the wpapsk format, but I
didn't bother to fire up a debugger to check it.
--
Alexander Cherepanov
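The "check after copy is too late" ordering the message describes, as an added example that is not code from this thread or from John the Ripper itself; the struct layout, field sizes and function names are assumptions, and the late-check variant is shown only for contrast and never called with oversized input.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration only, not JtR's real hccap_t. */
#define ESSID_MAX 32
#define VALID  1
#define REJECT 0

typedef struct {
    char essid[ESSID_MAX + 1];   /* fixed-size target of the essid copy */
    unsigned char mac[6];
} hccap_t;

static hccap_t hccap;            /* static storage: an overrun here spills
                                    into whatever global is laid out next,
                                    e.g. another format's state */

/* 'before': copy first, check afterwards. By the time the length test
 * runs, strcpy has already written past essid[] for a long input, so
 * returning REJECT cannot undo the damage (the page's "too late"). */
int decode_hccap_late_check(const char *ciphertext) {
    strcpy(hccap.essid, ciphertext);             /* unbounded copy */
    if (strlen(ciphertext) > ESSID_MAX)
        return REJECT;                           /* too late */
    return VALID;
}

/* 'after': measure and reject before a single byte is written. */
int decode_hccap_checked(const char *ciphertext, hccap_t *out) {
    size_t n = strlen(ciphertext);
    if (n == 0 || n > ESSID_MAX)
        return REJECT;                           /* nothing copied */
    memcpy(out->essid, ciphertext, n);
    out->essid[n] = '\0';
    return VALID;
}

int main(void) {
    char too_long[ESSID_MAX + 20];               /* constructed 51-char essid */
    memset(too_long, 'A', sizeof too_long - 1);
    too_long[sizeof too_long - 1] = '\0';
    printf("short essid: %d\n", decode_hccap_checked("MyHomeNetwork", &hccap));
    printf("long essid:  %d\n", decode_hccap_checked(too_long, &hccap));
    return 0;
}
```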