Date: Tue, 19 May 2015 09:39:01 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Fuzzing Report on 2john tools

There are 62 2john tools: 35 tools are in Python, 7 tools are in Perl, 20 tools are in C. So I tested the 20 C tools, since afl only supports C/C++.

Among the 20 C tools, there are 12 tools with bugs:

gpg2john
keepass2john
keyring2john
keystore2john
kwallet2john
luks2john
pwsafe2john
rar2john
ssh2john
vncpcap2john
wpapcap2john
zip2john

general bugs analysis
-----------------------------

1. buffer overflow
https://github.com/magnumripper/JohnTheRipper/pull/1312

2. heap buffer overflow
Such as forgetting to check the buffer size before fread() puts bytes into it.
https://github.com/magnumripper/JohnTheRipper/pull/1326
https://github.com/magnumripper/JohnTheRipper/pull/1313

3. using assert(), which leads to 'Aborted'
https://github.com/magnumripper/JohnTheRipper/pull/1318

4. others
Such as forgetting to check the return value of jtr_fopen().
https://github.com/magnumripper/JohnTheRipper/pull/1321

Thanks,
Kai
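The bug classes in the report above, as an added example that is not part of Kai's message or of John the Ripper's own code. The record layout (a 4-byte big-endian salt length followed by that many salt bytes, capped at SALT_MAX) is an assumption made for illustration and matches no real 2john input format; the sample inputs are constructed bytes, and the missing-file path is hypothetical. It shows the fread()-into-a-fixed-buffer pattern that afl turns into a heap or stack overflow, beside a hardened parser that bounds-checks the length first, returns an error code instead of calling assert(), and checks the result of fopen() before using the stream.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical container layout (an assumption, not any real 2john format):
 * 4-byte big-endian salt length, then that many salt bytes. */
#define SALT_MAX 16

struct record {
    uint32_t      salt_len;
    unsigned char salt[SALT_MAX];
};

enum parse_status {
    PARSE_OK = 0,
    PARSE_ERR_IO,         /* fopen()/tmpfile() failed: report it, never use NULL */
    PARSE_ERR_TRUNCATED,  /* file ended before the declared length was read   */
    PARSE_ERR_TOO_LONG    /* declared length exceeds the destination buffer   */
};

/* Read a big-endian uint32; a short read returns 0 instead of garbage. */
static int read_be32(FILE *fp, uint32_t *out)
{
    unsigned char b[4];
    if (fread(b, 1, sizeof b, fp) != sizeof b)
        return 0;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |  (uint32_t)b[3];
    return 1;
}

/* The "before" pattern from the report: the length comes straight from the
 * file and becomes the fread() count with no comparison against sizeof salt,
 * so a crafted length overruns r->salt. For contrast only; never run it on
 * untrusted input. */
int parse_record_unsafe(FILE *fp, struct record *r)
{
    if (!read_be32(fp, &r->salt_len))
        return 0;
    return fread(r->salt, 1, r->salt_len, fp) == r->salt_len;
}

/* Hardened parser: check the length before fread() fills the buffer, and
 * return an error code rather than assert(), which aborts the whole tool
 * (and is reported as a crash by afl) on any malformed input. */
static enum parse_status parse_record(FILE *fp, struct record *r)
{
    if (!read_be32(fp, &r->salt_len))
        return PARSE_ERR_TRUNCATED;
    if (r->salt_len > SALT_MAX)
        return PARSE_ERR_TOO_LONG;
    if (fread(r->salt, 1, r->salt_len, fp) != r->salt_len)
        return PARSE_ERR_TRUNCATED;
    return PARSE_OK;
}

/* Entry point in the shape of a 2john tool: open, then check before use. */
static enum parse_status parse_file(const char *path, struct record *r)
{
    FILE *fp = fopen(path, "rb");
    if (!fp)
        return PARSE_ERR_IO;
    enum parse_status st = parse_record(fp, r);
    fclose(fp);
    return st;
}

/* Helper: push constructed bytes through a real FILE* via tmpfile(). */
static enum parse_status parse_bytes(const unsigned char *buf, size_t n,
                                     struct record *r)
{
    FILE *fp = tmpfile();
    if (!fp)
        return PARSE_ERR_IO;
    if (fwrite(buf, 1, n, fp) != n) {
        fclose(fp);
        return PARSE_ERR_IO;
    }
    rewind(fp);
    enum parse_status st = parse_record(fp, r);
    fclose(fp);
    return st;
}

/* Constructed inputs: a well-formed record, a header declaring a 4 GiB salt
 * (the kind of value afl mutates into a length field), and an early EOF. */
static const unsigned char input_good[]      = { 0, 0, 0, 4, 'a', 'b', 'c', 'd' };
static const unsigned char input_huge_len[]  = { 0xFF, 0xFF, 0xFF, 0xFF, 'x' };
static const unsigned char input_truncated[] = { 0, 0, 0, 8, 'a', 'b' };

int main(void)
{
    struct record r;
    printf("good:      %d\n", parse_bytes(input_good, sizeof input_good, &r));
    printf("huge len:  %d\n", parse_bytes(input_huge_len, sizeof input_huge_len, &r));
    printf("truncated: %d\n", parse_bytes(input_truncated, sizeof input_truncated, &r));
    /* hypothetical path that does not exist, to exercise the fopen() check */
    printf("missing:   %d\n", parse_file("/nonexistent/2john-fuzz-input.bin", &r));
    return 0;
}
```

With the hardened parser every malformed input maps to a return code the tool can print and move past, which is what keeps a fuzzing run producing useful findings instead of stopping on the first abort.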