Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151208225438.067a0d41@pc1>
Date: Tue, 8 Dec 2015 22:54:38 +0100
From: Hanno Böck <hanno@...eck.de>
To: john-dev@...ts.openwall.com
Subject: double free in ssh2john

Hi,

There is a double free error in ssh2john if you run it against a file
that contains two ssl certificate blocks.

Just take a random certificate, add it twice to a file:
cat test.crt test.crt > out.crt

and run
ssh2john out.crt

Seems there is a loop that is freeing all openssl objects at the end of
the loop and then reusing the same objects and freeing them for every
iteration of the loop.

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.