Date: Tue, 14 May 2013 16:19:05 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: Re: Yet more crashes On 2013-04-29 04:12, magnum wrote: > I am not going to fix RAR. It is supposed to read input files created by rar2john and it does a bunch of sanity checks. As we have seen the fact that something is output by *2john is no guarantee that it cannot crash john. Many *2john's happily work on the principle "garbage in, garbage out". Didn't check it specifically for rar2john though. > The input format is so complex it would be nearly impossible to become immune against a hacked up input line. The first thing I see when I open rar_fmt.c is that "This code is based on the work of Alexander L. Roshal (C)". So I don't want even to look further. The faster we get rid of it the better. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.