Message-ID: <000501cc1b0d$1aa81690$4ff843b0$@net>
Date: Wed, 25 May 2011 13:53:57 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: SSE bug still there in Jumbo-5-RC6++

>-----Original Message-----
>From: magnum [mailto:rawsmooth@...dband.net]
>
>The mssql problem is fixed, patch uploaded to wiki.
>
>Actually I never found the exact cause.

static void mssql_init(struct fmt_main *pFmt)
{
#ifdef MMX_COEF
memset(saved_key, 0, sizeof(saved_key));
#else
- saved_key = mem_alloc_tiny(PLAINTEXT_LENGTH*2 + 1, MEM_ALIGN_WORD);
+ saved_key = mem_alloc_tiny(PLAINTEXT_LENGTH*2 + 1 + SALT_SIZE, MEM_ALIGN_WORD);
#endif

This was fixed, without the OMP removal. Same bug in the non-MMX builds of mssql05.

Memory overwrite if the password went over 23 bytes long. In the older code, 51 bytes were set aside. Then 23*2+4 == 50. However, plaintext len was 25, so 24- and 25-char passes blew the buffer. Prior to your change, saved_key was a static buffer, and not alloc'd, but same type bug. Down in cryptall, we do a memcpy of the cursalt to past where the Unicode password lives.

Jim.
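Review bot: the `+` line in mssql_init fixes the non-MMX allocation but carries no comment saying why SALT_SIZE is added, so the next person to "tidy" the expression back to PLAINTEXT_LENGTH*2 + 1 will reintroduce the overflow; add a one-line comment at that allocation noting that cryptall memcpy's cursalt directly after the UCS-2 password, and consider bounding that memcpy against the allocation as well. The MMX_COEF branch of the same function is untouched by this hunk and only memset's a static saved_key whose declaration is not visible here; its size should be checked for the same SALT_SIZE headroom. The reply also states that the non-MMX build of mssql05 has the identical bug, so the matching change to its init is needed for the fix to be complete.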
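The arithmetic in Jim's message (51 bytes set aside, 23*2+4 == 50 fits, 24 and 25 characters do not) is easy to get wrong by one, so here is an added example that works it through. This is not John the Ripper code; it is a stand-alone C sketch that assumes the constants the thread gives (PLAINTEXT_LENGTH 25, a 4-byte salt) and models the cryptall step of widening the password to UCS-2LE and appending the salt behind it, with the bounds check the original memcpy lacked. The function names are invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants assumed from the thread: up to 25 plaintext characters, and a
 * 4-byte salt that cryptall copies in right after the UCS-2LE password. */
#define PLAINTEXT_LENGTH 25
#define SALT_SIZE 4

/* Size the old mssql_init gave saved_key in non-MMX builds: 51 bytes. */
size_t old_saved_key_size(void)
{
    return PLAINTEXT_LENGTH * 2 + 1;
}

/* Size after the patch: the same, plus room for the appended salt. */
size_t fixed_saved_key_size(void)
{
    return PLAINTEXT_LENGTH * 2 + 1 + SALT_SIZE;
}

/* Bytes the cryptall step writes for a password of pw_len characters:
 * two bytes per character for the UCS-2LE widening, then the salt. */
size_t bytes_written(size_t pw_len)
{
    return pw_len * 2 + SALT_SIZE;
}

/* Smallest legal password length whose key block no longer fits a buffer of
 * buf_size bytes; returns 0 if every length up to PLAINTEXT_LENGTH fits. */
size_t first_overflowing_length(size_t buf_size)
{
    for (size_t n = 0; n <= PLAINTEXT_LENGTH; n++)
        if (bytes_written(n) > buf_size)
            return n;
    return 0;
}

/* Bounds-checked model of the cryptall step: widen an ASCII password to
 * UCS-2LE into out, then append the salt. Returns the number of bytes
 * written, or 0 when the block would not fit in out_size. The original code
 * did the salt memcpy without this check, which is the overwrite in the
 * thread. (Illustrative helper, not JtR's cryptall.) */
size_t build_key_block(const char *pw, const uint8_t *salt,
                       uint8_t *out, size_t out_size)
{
    size_t n = strlen(pw);
    if (n > PLAINTEXT_LENGTH || bytes_written(n) > out_size)
        return 0;
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = (uint8_t)pw[i]; /* low byte of the UCS-2LE code unit */
        out[2 * i + 1] = 0;              /* high byte: ASCII maps to U+00xx */
    }
    memcpy(out + 2 * n, salt, SALT_SIZE);
    return 2 * n + SALT_SIZE;
}

int main(void)
{
    printf("old buffer: %zu bytes, first overflowing length %zu\n",
           old_saved_key_size(), first_overflowing_length(old_saved_key_size()));
    printf("fixed buffer: %zu bytes, first overflowing length %zu\n",
           fixed_saved_key_size(), first_overflowing_length(fixed_saved_key_size()));
    return 0;
}
```

Run as is, it reports that the 51-byte buffer first overflows at 24 characters (24*2+4 == 52) while the patched 55-byte buffer holds every length up to 25 (25*2+4 == 54), which is exactly the 24- and 25-character failure described above.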