Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 May 2013 13:03:39 -0500
From: "jfoug" <>
To: <>
Subject: RE: missing parentheses in dynamic_fmt.c

The problem was a MD5-x2 bug.  In the X2, there were 2 inputs getting 0x10
bytes written to them.  But one of them was not getting the length set.

So in self test:

1 pw was set.  But in the MD5 2 input buffers written to.  We only set
length of the first to 16 bytes. The other was left at 0.

Then the test with 2 pw's.  The cleanup still saw the end input buffer as
being empty, so did not properly clean it up, and thus, a 5 byte password
had 11 bytes of crap left over from the first dual md5 crypt.

I simply removed the check for the value being past 'count'.  It can be past
count in the 2x md5 mode.  It did take a bit of stepping to find the bug,
along with it is sort of hard to get 2x md5 in my vc test environment.  I
link an x86.o file built by cygwin (which has MD5_body), and MD5_std.c also
has MD5_body (for the 2X builds).  So I had to #define change the name of
the one in MD5_std.o to get link to work, but once I got that done and
linked properly, I was able to find the problem with a little stepping and


From: magnum Sent: Thursday, May 16, 2013 6:52
>On 16 May, 2013, at 13:04 , Jeremi Gosney <> wrote:
>> On 05/16/2013 03:39 AM, magnum wrote:
>>> On 16 May, 2013, at 11:46 , Jeremi Gosney <> wrote:
>>>> dynamic_fmt.c is missing a right parentheses on line 697 that 
>>>> prevents it from compiling on big endian.
>>>> -    memset(input_buf_X86, 0, FLAT_INP_BUF_SZ;
>>>> +    memset(input_buf_X86, 0, FLAT_INP_BUF_SZ);
>>>> #endif
>>> Committed, thank you. Does it pass a "-t=0 -form=dynamic" on BE after
this fix?
>>> magnum
>> All formats except dynamic_1300 pass their self-tests, which IIRC is a
known issue.
>Thanks. Dynamic_1300 was fixed in 19992ec, 4 days ago but Jim probably
hasn't tried it on BE yet. I'll create an issue on GitHub.
>Oh, I see now it doesn't work with a -generic build on x86 either. So it's
not an endian problem.

Download attachment "JtR-Dyna_1300_generic_X2_fix.patch" of type "application/octet-stream" (547 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.