Date: Thu, 20 Aug 2015 12:11:38 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: --test-full=0 crashes the Bitcoin format

On Thu, Aug 20, 2015 at 3:54 AM, magnum <john.magnum@...hmail.com> wrote:
> On 2015-08-06 18:38, Solar Designer wrote:
>>
>> Kai, magnum -
>>
>> Flag bugs aside, this feature as committed to magnum's jumbo triggers
>> memory corruption:
>>
>> [solar@...er run]$ ./john --test-full=0
>> [...]
>> Testing: asa-md5, Cisco ASA [Cisco ASA (MD5 salted) 128/128 AVX 4x3]...
>> PASS
>> Testing: bfegg, Eggdrop [Blowfish 32/64]... (32xOMP) PASS
>> Testing: Bitcoin [SHA512 AES 128/128 AVX 2x]... (32xOMP) *** glibc
>> detected *** ./john: double free or corruption (!prev): 0x000000000224a770
>> ***
>
>
> I replaced the EVP stuff in bitcoin with our own aes.h stuff in 0e2beec and
> have yet to trigger the bug since. Perhaps Kai can test it some more.
>
> If we do get some variant of the problem again (I doubt it), it'll likely be
> easier to debug and/or detected by ASan.
>
> I'll open an issue for finding more uses of EVP and/or BIO that we can get
> rid of. High-level stuff and abstraction layers are often Bad Ideas[tm] in
> high-performance code anyway.
>

I have run "./john --test-full=0 --format=bitcoin" about 500 times and
it did crash.
I think this bug is fixed. Thanks.


Thanks,

Kai
