Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 6 Sep 2006 23:42:39 +0400
From: Solar Designer <>
Subject: Re:  Re: "Extra" in incremental mode not fully working - john17 stuckdumped

On Tue, Aug 29, 2006 at 01:35:41PM +0000, Radim wrote:
> I couldn't help myself to provide additional info. I've tried my Extra option 
> with the official windows builds of john and I've managed to stackdump the 
> original 1.7 release with it:
> ---
> john17 -in:Alphacz4 --stdout > alphacz4.out
> Warning: only 35 characters available
>       3 [main] john17 2812 handle_exceptions: Exception: STATUS_ACCESS_VIOLATION

Yes, John 1.7 and below did not check for all possible misconfigurations
of "incremental" mode settings or charset files, so you could make it
crash like that.  In your case, the misconfiguration is the use of
characters beyond the compile-time CHARSET_MAX in Extra.

JtR and above includes extra sanity checking, so such crashes
should not be possible anymore (except with external modes accessing out
of bounds array locations).

> The is behaving better, but it still throws somewhat misleading message 
> with the official alpha.chr:
> ---
> Incorrect charset file format: alpha.chr

Oh, yes, there's a bug:

	if (expand(allchars, extra ? extra : "", sizeof(allchars)))

I used inc_format_error() on all expand() errors, which is correct for
all but this one.  "Extra" doesn't come from a .chr file, so this
expand() call should be split into two - one to check allchars (which
does come from a .chr file) and the other to add the Extra characters
and check them.  The error message on the second call's failure should
be different.

Thank you for the bug report!

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.