Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Feb 2008 22:04:34 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: NETHALFLM patch

On Mon, Feb 04, 2008 at 12:06:47PM +0530, Dhirendra Singh Kholia wrote:
> This patch adds support for cracking first 7 characters of LM response.

Thank you for the contribution!

Unfortunately, something (your webmail service?) has garbled the
whitespace within the patch.  Can you please re-post it by other means -
e.g., using a regular mail client (SMTP) and with the patch as a
text/plain attachment?  Note that it is important to have MIME type of
the attachment as text/plain in order for the patch to be readily
visible in web-based archives of the list.

> + tmp = (char *) mem_alloc(7 + strlen(challenge) + strlen(nethalflm) + 1);
> + memset(tmp, 0, 7 + strlen(challenge) + strlen(nethalflm) + 1);
> + sprintf(tmp, "$NETHALFLM$%s$%s", challenge, nethalflm);

You don't need the memset() and you have a buffer overflow with the
sprintf() - the constant should be 12, not 7.

> +  static char out[TOTAL_LENGTH + 1];
> +
> +  memset(out, 0, TOTAL_LENGTH + 1);
> +  memcpy(&out, ciphertext, TOTAL_LENGTH);

You don't need the memset(), you only need:

out[TOTAL_LENGTH] = 0;

> +  memset(password, 0, 7 + 1);

memset() not needed since you use strncpy() below, which NUL-pads.

> +  memset(output, 0, 24);

Too large.

> +  strncpy((char *) password, saved_plain, 14);

Should be 7, not 14.

> +  memset(saved_plain, 0, PLAINTEXT_LENGTH + 1);
> +  strncpy(saved_plain, key, PLAINTEXT_LENGTH);

No need for the memset() and for NUL-padding with strncpy() if you also
use strncpy() on saved_plain later (above), but you do need
NUL-termination for your get_key() (or you can do it there).

> +  /* Upper-case password */
> +  for(i=0; i<PLAINTEXT_LENGTH; i++)
> +    if ((saved_plain[i] >= 'a') && (saved_plain[i] <= 'z'))
> saved_plain[i] ^= 0x20;

Should exit the loop on first NUL seen.

> +    FMT_8_BIT | FMT_BS | FMT_SPLIT_UNIFIES_CASE,

FMT_BS is wrong here, it stands for "bitslice".

> +      fmt_default_binary_hash,
> +      fmt_default_binary_hash,
> +      fmt_default_binary_hash

That's the special case of loader slowness that I've just mentioned in
my previous posting...

These are just some of the bugs and inefficiencies that I was able to
spot quickly.  Yet I do appreciate contributed patches. :-)

Thanks again,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.