[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 13 Sep 2015 18:10:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Invalid memory our of bounds read in DES_std_set_key
On 2015-09-13 17:12, Hanno Böck wrote:
> When compiling john-1.8.0 with address sanitizer it will expose an out
> of bounds read in the function DES_std_set_key.
>
> The error happens in line 664:
> DES_key[1] = key[1] & 0x7F;
>
> The variable "key" is a parameter to the function and the value comes
> indirectly from a function call in formats.c, line 168:
> format->methods.set_key("", index);
>
> As you can see an empty string is passed. Therefore accessing key[1]
> won't work.
In Jumbo this is fixed like this:
/* Mutes ASan problems. We pass a buffer long enough for any use */
#define fmt_set_key(key, index) \
{ \
static char buf_key[PLAINTEXT_BUFFER_SIZE]; \
char *s = key, *d = buf_key; \
while ((*d++ = *s++)); \
format->methods.set_key(buf_key, index); \
}
It was actually changed a bit further recently, to have that buffer
SIMD-aligned. BTW inc.c has a similar problem where it tests the
zero-length key, also worked around in Jumbo.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
