Date: Sun, 28 Apr 2013 20:31:48 +0200
From: Lukas Odzioba <>
Subject: Re: Yet more crashes

2013/4/28 Alexander Cherepanov <>:
> Hi!
> The previous thread is quite long, starting a new one.
> Most crashes posted earlier are fixed now (cool!) so I made my "fuzzer" a
> bit more aggressive and found some more crashes. Posting new and remaining
> old problems combined.


I revised gpg valid function. Input format looks like that:

Alexander provided an example where count=-1, and that causes john to crash.
I tried putting negative values in other fields - it either caused an assert
that stops the program, or john was doing something - I am not sure
about the effect of that - neither case sounds good.
I guess none of the fields can contain negative values, but I need help
with the other limits set on them (equal to 0, min, max values).

Currently we check:
datalen <= 4096

ivlen <=16


algorithm - do we use it at all?
datalen - minimum bound?
bits - min,max bounds?
data - every character should be in atoi16[]
spec - this needs to be validated with hash_algorithm
usage - {0,255,254} - magic numbers
hash_algorithm - this needs to be validated with spec
ivlen - minimum bound
iv - every character should be in atoi16[]
count - min,max bounds
salt - every character should be in atoi16[]

BTW is this code correct (we're using aes128 to encrypt aes192 and
aes256? Maybe just a weird function name, I didn't read the internals.):

		case CIPHER_AES128:
		case CIPHER_AES192:
		case CIPHER_AES256: {
			AES_KEY ck;
			AES_set_encrypt_key(keydata, ks * 8, &ck);
			AES_cfb128_encrypt(cur_salt->data, out, AES_BLOCK_SIZE, &ck, ivec, &tmp, AES_DECRYPT);
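
The field checks discussed in the message above, sketched as an added example (not John the Ripper's code and not part of the original message). The `*`-separated six-field record layout, the function names, the rule that a hex field is twice its byte length, and the `INT_MAX` ceiling on count are assumptions for illustration; the 4096 and 16 limits and the usage values {0,255,254} come from the message.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Parse a decimal field into [min, max]; reject signs, junk and overflow. */
static int parse_bounded(const char *s, long min, long max, long *out)
{
    char *end;
    if (!isdigit((unsigned char)*s))    /* rejects "", "-1", "+5", " 7" */
        return 0;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < min || v > max)
        return 0;
    *out = v;
    return 1;
}

/* Only hex digits, and exactly 2 * nbytes of them (length rule is assumed). */
static int is_hex_of_len(const char *s, long nbytes)
{
    size_t n = strlen(s);
    return n == (size_t)nbytes * 2 && strspn(s, "0123456789abcdefABCDEF") == n;
}

/* Hypothetical layout: "datalen*data*usage*ivlen*iv*count" (constructed). */
int record_valid(const char *record)
{
    char buf[2 * 4096 + 128], *f[6], *p = buf;
    long datalen, usage, ivlen, count;
    if (strlen(record) >= sizeof(buf))
        return 0;
    strcpy(buf, record);
    for (int i = 0; i < 6; i++) {       /* split on '*': exactly 6 fields */
        f[i] = p;
        p = strchr(p, '*');
        if ((p == NULL) != (i == 5))
            return 0;
        if (p) *p++ = '\0';
    }
    return parse_bounded(f[0], 0, 4096, &datalen) && is_hex_of_len(f[1], datalen)
        && parse_bounded(f[2], 0, 255, &usage) && (usage == 0 || usage >= 254)
        && parse_bounded(f[3], 0, 16, &ivlen) && is_hex_of_len(f[4], ivlen)
        && parse_bounded(f[5], 0, INT_MAX, &count);
}
```

Parsing with `strtol` and an explicit range, rather than `atoi`, is what lets a value such as count=-1 be rejected before it reaches any length or loop computation.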

