Date: Sat, 31 Mar 2007 21:11:52 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New MSCASH patch

On Fri, Mar 30, 2007 at 05:27:38PM -0800, Alain Espinosa wrote:
> I think that I forget to put the FMT_SPLIT_UNIFIES_CASE flag.
> Please put it for me.

I've added FMT_SPLIT_UNIFIES_CASE, increased the out[] buffer size in
ms_split(), and added some bounds checking to ms_split() and valid().
I think that you had a buffer overflow there for usernames longer
than 5 characters.  I'm not sure what the maximum username length is;
I've used 32.  I did not test this other than with "--test".

Revision 4.1 with the above changes is in contrib/ and is linked from
the web page.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
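
The kind of bounds checking the message describes for valid() and ms_split(), as an added example that is not the contrib patch or code written by either correspondent. The names valid_sketch() and split_sketch() are hypothetical, and the `M$<username>#<32 hex digits>` layout is an assumption; only the 32-character username limit comes from the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define TAG          "M$"  /* assumed prefix, not given in the message */
#define TAG_LEN      2
#define MAX_USER_LEN 32    /* the limit the message says was chosen */
#define HASH_HEX_LEN 32    /* assumed: 128-bit hash written as hex */
#define MAX_CT_LEN   (TAG_LEN + MAX_USER_LEN + 1 + HASH_HEX_LEN)

/* Accept only strings that fit the assumed layout and both length limits. */
int valid_sketch(const char *ct)
{
    const char *user, *sep;
    if (strncmp(ct, TAG, TAG_LEN) != 0)
        return 0;
    user = ct + TAG_LEN;
    sep = strrchr(user, '#');            /* a username may itself hold '#' */
    if (!sep || (size_t)(sep - user) > MAX_USER_LEN ||
        strlen(sep + 1) != HASH_HEX_LEN)
        return 0;
    for (size_t i = 1; i <= HASH_HEX_LEN; i++)
        if (!isxdigit((unsigned char)sep[i]))
            return 0;
    return 1;
}

/* Canonical copy with the hex digits lower-cased. The copy is clamped to
 * the buffer size even though valid_sketch() should already have run. */
char *split_sketch(const char *ct)
{
    static char out[MAX_CT_LEN + 1];
    size_t len = strlen(ct);
    if (len > MAX_CT_LEN)
        len = MAX_CT_LEN;
    memcpy(out, ct, len);
    out[len] = '\0';
    for (char *p = strrchr(out, '#'); p && *p; p++)
        *p = (char)tolower((unsigned char)*p);
    return out;
}

int main(void)
{
    const char *ct = "M$Alice#0123456789ABCDEF0123456789ABCDEF"; /* constructed */
    printf("%d %s\n", valid_sketch(ct), split_sketch(ct));
    return 0;
}
```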
