Date: Mon, 1 Jun 2015 17:17:00 +0800
From: Kai Zhao <>
Subject: Re: Fuzzing Report on external mode

Hi Alexander,

> Oh, just why aren't you moving to a faster hash by now, after I provided
> this advice to you a week ago or so?  I recommend that you use the dummy
> format for your fuzzing.  e.g.:
> $dummy$64756d6d79


> These 3 are crashes in op_index, which suggests out of bounds array
> access.  However, I don't immediately see a bug like this fuzzed into
> the external mode programs.  Do you?  Can you please post diffs of them
> from their original versions?

The original and fuzzed configs are in the attachments.

The diff of config is: (array size 32 is original, 12 is fuzzed)

< int boundaries_symbols[32];
> int boundaries_symbols[12];
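
Review bot: the only change on the > line is the declared size of boundaries_symbols, 32 down to 12, and the hunk shows none of the code that indexes the array, so it cannot be seen from here whether an index of 12 or more is ever used. Quoting the statements that fill boundaries_symbols, and naming which attached fuzzed config this diff comes from, would let a reader tie this mutation to the out-of-bounds access suspected in op_index.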

The diff of config is: (first line is original, second line is fuzzed)

< boundaries_numbers[i++] = 1932735284; boundaries_numbers[i++] =
> boundaries_numbers[i++] = 193273=284; boundaries_numbers[i++] =
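
Review bot: on the > line the constant 1932735284 has become 193273=284, so the statement now reads as an assignment whose target is the literal 193273, and both lines are cut off after the second boundaries_numbers[i++] =. Giving the full line, and saying whether the external mode compiler reports an error for this config or accepts it and crashes later, would show where the fault lies.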

The diff of config is: (first is original, second is fuzzed)

< # A variation of KnownForce configured to try all the 385641000 possible
< # auto-generated passwords of DokuWiki versions up to at least 2013-05-10.
> # Ae
> # -10.
< charset[ofs + i++] = c++;
> charset[ofs + i++] = C++;
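
Review bot: the C++ line is the mutation that changes code (c replaced by C in charset[ofs + i++] = C++;), but the hunk does not show whether C is declared anywhere in the config. Stating that, and whether the crash still reproduces with only this change applied and the truncated comment (# Ae / # -10.) restored, would isolate which of the two mutations matters.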

> Your guess is that this is the same kind of issue that you found and I
> patched recently, so you're suggesting that we change the initial sp
> from &c_stack[2] to &c_stack[4].  I think you're probably wrong, but
> have you tried?  Does it help?

Yes, you are right. Changing to &c_stack[4] cannot solve this problem.




Download attachment "awepasswordgenerator_original.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "awepasswordgenerator_fuzzing_1358.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "awepasswordgenerator_fuzzing_1360.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "dokuwiki_original.conf" of type "application/octet-stream" (2354 bytes)

Download attachment "dokuwiki_fuzzing_1363.conf" of type "application/octet-stream" (2218 bytes)
