Date: Thu, 2 May 2013 16:47:26 -0500 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: Yet more crashes Dynamic cannot be 'fixed' to be crash proof. Since any user can create any format, bad or not, there is simply no way, unless dynamic checked every byte written, each time, which would cripple the format. I could chase my tail forever, fixing specifically formatted purposeful garbage, only to have the format still be just as open as it is today. Anyone can create a dynamic script that crashes. Here is an example, there are infinite number of these ;) [List.Generic:dynamic_1666] Expression=md5(BOOM) Func=DynamicFunc__clean_input Func=DynamicFunc__append_salt Func=DynamicFunc__append_salt Func=DynamicFunc__append_salt Func=DynamicFunc__append_salt Func=DynamicFunc__append_salt Func=DynamicFunc__append_salt #... 100's or 1000's of same append. Func=DynamicFunc__append_salt Func=DynamicFunc__crypt_md5 Test=$dynamic_1666$57200e13b490d4ae47d5e19be026b057$bigSaltValueHere:test1 Jim. From: Alexander Cherepanov [mailto:cherepan@...me.ru] On 2013-05-02 23:31, magnum wrote: > On 2 May, 2013, at 20:46 , Dhiru Kholia<dhiru.kholia@...il.com> wrote: >> On Fri, May 3, 2013 at 12:05 AM, Lukas Odzioba<lukas.odzioba@...il.com> wrote: >>> 2013/5/2 Lukas Odzioba<lukas.odzioba@...il.com>: >>>> gpg will be ready in a moment. >>> >>> Patch attached. >> >> Committed to bleeding-jumbo. Thanks! > > I committed it to unstable in almost the same minute, and then found it already committed to bleeding - but git recognized it as the same :-) Great, the following formats still crash: dynamic_21 pkzip sxc rar sunmd5 plus undrop crashes, plus some formats spills garbage etc. Everything attached. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.