Date: Wed, 1 Jan 2014 22:14:09 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Some bleeding-jumbo formats with SEGV and ABRT

On 12/28/2013 10:07 PM, Frank Dittrich wrote:
> I used Alexander's fuzzing scripts.
> Django, netlmv2, openssl-enc and rar formats failed with SEGV.
> LUKS format failed with ABRT.

The netlmv2 is not reproducible with linux-x86-native, all the others are.
The rar crash only occurs when cracking has started (i.e., not with
--wordlist=<empty_file>).
All the other crashes are reproducible even with an empty word list.

Here's another hash which causes a crash in openssl-enc.
It is much shorter than the one I included in my previous mail:

$openssl$0$0$8$305cedc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$1$

Further testing also revealed another bug:
The attached file fail_clipperz causes a failing self test, reproducible
with linux-x86-native and linux-x86-64-native:

(bleeding-jumbo)run $ ./john fail_clipperz
Loaded 2 password hashes with 2 different salts (Clipperz, SRP [SHA256 32/32 oSSL-exp])
Self test failed (get_hash(0))

./john --test works for --format=clipperz.
But each of the two lines in fail_clipperz causes the self test to fail.
I guess valid() needs to be enhanced to avoid loading these hashes.

Frank

View attachment "fail_clipperz" of type "text/plain" (326 bytes)