|
Date: Wed, 1 Jan 2014 22:14:09 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Some bleeding-jumbo formats with SEGV and ABRT
On 12/28/2013 10:07 PM, Frank Dittrich wrote:
> I used Alexander's fuzzing scripts.
> Django, netlmv2, openssl-enc and rar formats failed with SEGV.
> LUKS format failed with ABRT.
The netlmv2 is not reproducible with linux-x86-native, all the others are.
The rar crash only occurs when cracking has started (i.e., not with
--wordlist=<empty_file>.
All the other crashes are reproducible even with an empty word list.
Here's another hash which causes a crash in openssl-enc.
It is much shorter than the one I included in my previous mail:
$openssl$0$0$8$305cedc2a0521011$bf11609a01e78ec3f50f0cc483e636f9$1$1$
Further testing also revealed another bug:
The attached file fail_clipperz causes a failing self test, reproducible
with linux-x86-native and linux-x86-64-native:
(bleeding-jumbo)run $ ./john fail_clipperz
Loaded 2 password hashes with 2 different salts (Clipperz, SRP [SHA256
32/32 oSSL-exp])
Self test failed (get_hash[0](0))
./john --test works for --format=clipperz.
But each of the two lines in fail_clipperz causes the self test to fail.
I guess valid() needs to be enhanced to avoid loading these hashes.
Frank
View attachment "fail_clipperz" of type "text/plain" (326 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.