Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <016701cc9e62$1f14c420$5d3e4c60$@net>
Date: Tue, 8 Nov 2011 16:02:34 -0600
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: LM & NT prepare() segfaults

This was called on pot loading, in an attempt to match/deal with 'valid'
lines, in any valid format.

So, 

$dynamic_0$01234567890123456789000:some_pass
01234567890123456789000:some_pass
md5_gen(0)01234567890123456789000:some_pass

would all be seen as valid lines, that would scrub a hash at startup.   The
pot will ONLY have this format: $dynamic_0$01234567890123456789000:some_pass
written into it, but the prepare was added to try to 'unify' validity
checking of the pot file.  Also, if a user started with raw-md5, and later
used dynamic_0, then things would 'work' properly.  

 I will need to put a little time in to answer your question, but I believe
the only 2 fields 'required' would be the first 2.  Yes, we certainly would
need to add proper logic into lm/nt (or ANY prepare), to check if element 2
was null or not, prior to using it.

NOTE, in loader, all nulls get set to "", so it is likely that is the proper
thing to add to the pot loading.  Simply make sure that all array elements
past the first 2, are set to "".  There is NO information in the pot file
that can help the prepare function, beyond the first 2 elements anyway (both
of them being the hash.

Jim.

>From: Solar Designer [mailto:solar@...nwall.com]
>
>Jim -
>
>With 0037-dynamic-split-addition-1.diff prepare() is now called not only
>for password files to crack, but also for pot entries.  (I don't know
>what you're doing this for, but that's another matter.)  This exposed
>the fact that implementations of prepare() just assume that their
>expected number of fields is available.  Specifically, LM's and NT's
>prepare() look for fields beyond the 2nd.  I've just introduced the
>obvious non-NULL checks into these two.
>
>What about the first two fields, though - should prepare() assume that
>these are always present?  Should loader.c be careful to only call
>prepare() when at least two fields are present?  Does it ensure that
>currently (I haven't checked)?
>
>Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.