Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 2 May 2013 16:47:26 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Yet more crashes

Dynamic cannot be 'fixed' to be crash proof.  Since any user can create any
format, bad or not, there is simply no way, unless dynamic checked every
byte written, each time, which would cripple the format.  

I could chase my tail forever, fixing specifically formatted purposeful
garbage, only to have the format still be just as open as it is today.
Anyone can create a dynamic script that crashes.   Here is an example, there
are infinite number of these ;)

[List.Generic:dynamic_1666]
Expression=md5(BOOM)
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_salt
Func=DynamicFunc__append_salt
#... 100's or 1000's of same append.
Func=DynamicFunc__append_salt
Func=DynamicFunc__crypt_md5
Test=$dynamic_1666$57200e13b490d4ae47d5e19be026b057$bigSaltValueHere:test1

Jim.

From: Alexander Cherepanov [mailto:cherepan@...me.ru] 

On 2013-05-02 23:31, magnum wrote:
> On 2 May, 2013, at 20:46 , Dhiru Kholia<dhiru.kholia@...il.com>  wrote:
>> On Fri, May 3, 2013 at 12:05 AM, Lukas Odzioba<lukas.odzioba@...il.com>
wrote:
>>> 2013/5/2 Lukas Odzioba<lukas.odzioba@...il.com>:
>>>> gpg will be ready in a moment.
>>>
>>> Patch attached.
>>
>> Committed to bleeding-jumbo. Thanks!
>
> I committed it to unstable in almost the same minute, and then found it
already committed to bleeding - but git recognized it as the same :-)

Great, the following formats still crash:

dynamic_21
pkzip
sxc
rar
sunmd5

plus undrop crashes, plus some formats spills garbage etc.

Everything attached.

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.