Date: Wed, 25 Mar 2015 01:07:00 +0300 From: Alexander Cherepanov <ch3root@...nwall.com> To: john-dev@...ts.openwall.com Subject: Ideas for the robustness gsoc task Hi! I've tried to collect various ideas for the robustness gsoc task. Some of them are already tested, some probably require discussion. Comments, additions? General cleaning ~~~~~~~~~~~~~~~~ - Figure out which C standard we want (discuss on john-dev), document it, convert to it. - Figure out which coding style we want (discuss on john-dev), document it, convert to it. (character encoding for various files, indent(1) options) - Unify function names (get_salt -> salt etc.). This makes grepping/refactoring easier. - Get rid of unused global symbols (see http://www.openwall.com/lists/john-dev/2013/05/11/5 , http://www.openwall.com/lists/john-dev/2013/05/11/6 ). - Get rid of unused macros (see http://www.openwall.com/lists/john-dev/2013/05/18/2 , http://www.openwall.com/lists/john-dev/2013/05/19/4 ). - Look for strncmp with n==1 (see http://www.openwall.com/lists/john-dev/2013/05/12/18 ). - Identify embedded copies of other software. Misc ~~~~ - Hardened build - Constification and format interface clarification (see http://www.openwall.com/lists/john-dev/2013/05/07/33 ). Cleaning hashes loading ~~~~~~~~~~~~~~~~~~~~~~~ - Review loader.c (see http://www.openwall.com/lists/john-dev/2015/03/23/3 ). - Revamp valid(), salt() etc. in all(?) formats: -- sync cpu/opencl/cuda formats (see http://www.openwall.com/lists/john-dev/2015/03/22/1 ); -- get rid of strtok() (because it requires to make a copy of input string); -- get rid of atoi() and other functions exhibiting undefined behavior; -- ...probably by switching to a generic parsing functions (to be written). Static ananlysis ~~~~~~~~~~~~~~~~ - gcc with various options - compile as C++ ? - clang with various options - Clang Static Analyzer - cppcheck - splint? - ... Dynamic analysis ~~~~~~~~~~~~~~~~ - Valgrind - AddressSanitizer - Undefined Behavior Sanitizer - MemorySanitizier? - ThreadSanitizer? Fuzzing ~~~~~~~ - Custom fuzzer (see http://www.openwall.com/lists/john-dev/2015/03/07/10 , http://www.openwall.com/lists/john-dev/2015/03/07/15 ). - AFL - fuzz 2john tools - fuzz command-line options - fuzz environment variables - fuzz config files -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.