Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 May 2013 16:19:05 +0400
From: Alexander Cherepanov <>
Subject: Re: Yet more crashes

On 2013-04-29 04:12, magnum wrote:
> I am not going to fix RAR. It is supposed to read input files created by rar2john and it does a bunch of sanity checks.

As we have seen the fact that something is output by *2john is no 
guarantee that it cannot crash john. Many *2john's happily work on the 
principle "garbage in, garbage out".
Didn't check it specifically for rar2john though.

> The input format is so complex it would be nearly impossible to become immune against a hacked up input line.

The first thing I see when I open rar_fmt.c is that "This code is based 
on the work of Alexander L. Roshal (C)". So I don't want even to look 
further. The faster we get rid of it the better.

Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.