Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CABob6iovhs7J2NxMtMq8+XD0fpHA4KLUtnqP+Ty00-tOt8bzsA@mail.gmail.com>
Date: Wed, 2 May 2012 16:14:10 +0200
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: wpapsk.h warnings

2012/5/2 Solar Designer <solar@...nwall.com>:
> Lukas, magnum -
>
> On Tue, May 01, 2012 at 11:57:05PM +0200, magnum wrote:
>> I get these warnings when building. The first one looks like an actual
>> bug to me, or maybe I misunderstand the code:
>>
>> In file included from opencl_wpapsk_fmt.c:15:0:
>> wpapsk.h: In function ???decode_hccap???:
>> wpapsk.h:102:9: warning: array subscript is above array bounds
>> [-Warray-bounds]
>>
>> The array is char[6] but you write all the way to 118 * 3, no?
>
> I looked into this yesterday.  The out-of-bounds writes look intentional
> (I think they're still within the struct, although I did not verify
> that), but there's assumption that they're permitted and that the struct
> is packed.  We can only ensure the latter with specific compilers (such
> as with gcc's __attribute__((packed)), which we'll need to specify),
> although in practice I am not aware of cases of compilers inserting
> padding between fields of type char.
>
> I think it'd be best to rewrite this, maybe by using a union - one
> sufficiently large array union'ed with a struct - although that still
> depends on the struct being packed.
>
> Alexander

Code may look weird but it was intentional. I didn't want to
parse/copy each parameter separately. I added in hccap2john and in
_fmt files asserts(sizeof(hccap)==HCCAP_SIZE);
I am not absolutely sure but this in my opinion catch out of struct
error if it may occur.

If necessary I could rewrite this method in "proper" way.

Lukas

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.