Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jun 2015 11:44:48 +0800
From: Kai Zhao <>
Subject: Re: more robustness

Hi Frank,

Thanks for your valuable advice.

> 1.
> I think you should mention the --fuzz[=DICTFILE] option in the
> --list=hidden-options output, if only to make the option known to
> john's bash completion. I would add it after the --stress-test[=TIME]
> option.

Do you mean that I should add a line in
options.c::opt_print_hidden_usage() ?

Such as:

void opt_print_hidden_usage(void)
        puts("--help print usage summary, just like running the command");
        puts("--stress-test[=TIME]      loop self tests forever");
        puts("--fuzz[= DICTFILE]        fuzz formats prepare(), valid() and

> 2.
> I did:
> (fuzz_option)src $ ./configure --disable-openmp --enable-asan
> (fuzz_option)src $ make -s -j 16
> (fuzz_option)src $ cd ../run
> (fuzz_option)run $ ./john --fuzz --format=MSCHAPv2
> Fuzzing: MSCHAPv2, C/R [MD4 DES (ESS MD5) 128/128 AVX 4x3]
> in UTF-8 mode...
> ==19657==ERROR: AddressSanitizer: global-buffer-overflow on address

Fixed by:

> 3.
> (fuzz_option)run $ ./john --list=build-info
> Version:
> Build: linux-gnu 64-bit AVX-autoconf
> Time stamp: Sun Jun 28 14:02:04 2015
> You could rebase your git repository on magnum's latest bleeding-jumbo.
> It might have some bugs fixed, and it reports much more useful version
> info than that "time stamp" (actually, the time listconf.c changed):

Just rebased.



Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.