Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Apr 2013 20:31:48 +0200
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Yet more crashes

2013/4/28 Alexander Cherepanov <cherepan@...me.ru>:
> Hi!
>
> The previous thread is quite long, starting a new one.
>
> Most crashes posted earlier are fixed now (cool!) so I made my "fuzzer" a
> bit more aggressive and found some more crashes. Posting new and remaining
> old problems combined.

Great!

I revised gpg valid function. Input format looks like that:
$gpg$algorithm*datalen*bits*data*spec*usage*hash_algorithm*cipher_algorihm*ivlen*iv*count*salt

Alexander provided an example where count=-1 and that causes john to crash.
I tried to put negative values in other fields - it caused an assert
and stops the program, or john was doing something - I amnot sure
about effect of that - both cases not sounds good.
I guess none of fields can contain a negative values, but I need help
about other limits set on them (equal 0, min,max values).

Currentle we checks:
datalen <= 4096
strlen(data)==2*datalen

ivlen <=16
strlen(iv)==2*ivlen

strlen(salt)==16

TODO:
algorithm - do we use it at all?
datalen - minimum bound?
bits - min,max bounds?
data - every character should be in atoi16[]
spec - this needs to be validated with hash_algorithm
usage - {0,255,254} - magic numbers
hash_algorithm - this needs to be validated with spec
cipher_algorithm - {CIPHER_CAST5, CIPHER_BLOWFISH, CIPHER_AES128,
CIPHER_AES192, CIPHER_AES256}
ivlen - minimum bound
iv - every character should be in atoi16[]
count - min,max bounds
salt - every character should be in atoi16[]

BTW is this code correct (we're using aes128 to encrypt aes192 and
aes256?Maybe just weird function name, I didn't read internals.):

		case CIPHER_AES128:
		case CIPHER_AES192:
		case CIPHER_AES256: {
					    AES_KEY ck;
					    AES_set_encrypt_key(keydata, ks * 8, &ck);
					    AES_cfb128_encrypt(cur_salt->data, out, AES_BLOCK_SIZE, &ck,
ivec, &tmp, AES_DECRYPT);
				    }

Lukas

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.