Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Jun 2015 17:17:00 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on external mode

Hi Alexander,

> Oh, just why aren't you moving to a faster hash by now, after I provided
> this advice to you a week ago or so?  I recommend that you use the dummy
> format for your fuzzing.  e.g.:
>
> $dummy$64756d6d79

Thanks.


> These 3 are crashes in op_index, which suggests out of bounds array
> access.  However, I don't immediately see a bug like this fuzzed into
> the external mode programs.  Do you?  Can you please post diffs of them
> from their original versions?

The original and fuzzed configs are  in the attachments.

https://github.com/magnumripper/JohnTheRipper/issues/1358

The diff of config is: ( array size 32 is original, 12 is fuzzed)

39c39
< int boundaries_symbols[32];
---
> int boundaries_symbols[12];

https://github.com/magnumripper/JohnTheRipper/issues/1360

The diff of config is: (first line is original, second line is fuzzed)

79c79
< boundaries_numbers[i++] = 1932735284; boundaries_numbers[i++] =
2147483647;
---
> boundaries_numbers[i++] = 193273=284; boundaries_numbers[i++] =
2147483647;

https://github.com/magnumripper/JohnTheRipper/issues/1363

The diff of config is: (first is original, second is fuzzed)

2,3c2,3
< # A variation of KnownForce configured to try all the 385641000 possible
< # auto-generated passwords of DokuWiki versions up to at least 2013-05-10.
---
> # Ae
> # -10.
59c59
< charset[ofs + i++] = c++;
---
> charset[ofs + i++] = C++;

> Your guess is that this is the same kind of issue that you found and I
> patched recently, so you're suggesting that we change the initial sp
> from &c_stack[2] to &c_stack[4].  I think you're probably wrong, but
> have you tried?  Does it help?

Yes, you are right. Change to &c_stack[4] can not solve this problem.


Thanks,

Kai

Content of type "text/html" skipped

Download attachment "awepasswordgenerator_original.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "awepasswordgenerator_fuzzing_1358.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "awepasswordgenerator_fuzzing_1360.conf" of type "application/octet-stream" (9493 bytes)

Download attachment "dokuwiki_original.conf" of type "application/octet-stream" (2354 bytes)

Download attachment "dokuwiki_fuzzing_1363.conf" of type "application/octet-stream" (2218 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.