Message-ID: <CANO7a6zkxPb98vAOK43XPCmaVP2g+bHh_fNqJFNEd-oypjfxRA@mail.gmail.com>
Date: Wed, 27 Jun 2012 14:57:17 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: SSH format crashes when built using "linux-x86-clang-debug"

On Wed, Jun 27, 2012 at 2:47 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Wed, Jun 27, 2012 at 1:51 PM, Solar Designer <solar@...nwall.com> wrote:
>> On Wed, Jun 27, 2012 at 12:04:24PM +0530, Dhiru Kholia wrote:
>>> SSH format crashes when built using "linux-x86-clang-debug".
>>>
>>> $ ../run/john -format=ssh -t
>>> Benchmarking: SSH RSA/DSA (one 2048-bit RSA and one 1024-bit DSA key) [32/32]...
>>> ==5844== ERROR: AddressSanitizer global-buffer-overflow on address 0x0832f51f at pc 0x816a88b bp 0xbff25f58 sp 0xbff25f50
>>
>> Can you provide a little bit of disassembly around this place?
>>
>>> READ of size 1 at 0x0832f51f thread T0
>>
> $ ~/llvm/projects/compiler-rt/lib/asan/scripts/asan_symbolize.py < log
> Benchmarking: SSH RSA/DSA (one 2048-bit RSA and one 1024-bit DSA key) [32/32]...
> ==7052== ERROR: AddressSanitizer global-buffer-overflow on address 0x0833051f at pc 0x816b42b bp 0xbfcb22b8 sp 0xbfcb22b0
> READ of size 1 at 0x0833051f thread T0
>     #0 0x816b42b in benchmark_format /home/dsk/magnum-jumbo/src/bench.c:164
>     #1 0x816bec1 in benchmark_all /home/dsk/magnum-jumbo/src/bench.c:453
>     #2 0x818ba6a in john_run /home/dsk/magnum-jumbo/src/john.c:873
>     #3 0x818521c in main /home/dsk/magnum-jumbo/src/john.c:1093
>     #4 0xb72d73d5 in __libc_start_main ??:0
> 0x0833051f is located 30 bytes to the right of global variable
>
> The offending line seems to be memcpy(two_salts[index], salt, format->params.salt_size); this time. I can see no problem with it. I commented it out and ssh format runs fine. (but this solution can't be correct!).

The actual size of "static struct custom_salt cs" might be less than the defined SALT_SIZE. Will this cause a problem? Is this the cause behind the crashes?

The following patch fixes the problem (at least on my machine),
diff --git a/src/ssh_fmt.c b/src/ssh_fmt.c index b26fa9a..bf0d161 100644 --- a/src/ssh_fmt.c +++ b/src/ssh_fmt.c @@ -40,7 +40,7 @@ #define BENCHMARK_LENGTH -1001 #define PLAINTEXT_LENGTH 32 #define BINARY_SIZE 0 -#define SALT_SIZE 4224 +#define SALT_SIZE sizeof(struct custom_salt) #define MIN_KEYS_PER_CRYPT 1 #define MAX_KEYS_PER_CRYPT 1 -- Cheers, Dhiru
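Review bot: `#define SALT_SIZE sizeof(struct custom_salt)` is only usable where `struct custom_salt` is already a complete type, so if the struct is defined below the `#define` block around line 40 and the macro is expanded earlier (for example in the format's params initializer), the build fails with an incomplete-type error; either move the struct definition above the defines or define the struct before the first use of SALT_SIZE. The change itself is consistent with the ASan trace quoted above: bench.c:164 copies `format->params.salt_size` bytes out of the salt object returned by the format, so any hard-coded constant larger than the static `cs` object is a guaranteed read past the end of a global, and deriving the value from the struct removes that mismatch rather than replacing one guessed number with another. A reviewer would also want a quick grep for other uses of the literal 4224 or of SALT_SIZE in this file to confirm nothing else still assumes the old fixed size.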
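The mismatch under discussion (a format declaring `salt_size` as a hard-coded constant while the object its salt getter hands back is a smaller static struct, so the benchmark's `memcpy` reads past the end of a global) is easy to reproduce in isolation. The following is an added example written for this page, not code from John the Ripper; the identifiers `custom_salt`, `fmt_params`, `two_salts` and `get_salt` are modelled on the thread, but the field layout of `custom_salt`, the checked copy helper and the `salt_size_ok` self-check are constructed here for illustration. It contrasts the old hard-coded 4224 with the `sizeof`-based value from the patch, and shows the consistency check a format self-test could run so that this class of bug is caught before a sanitizer has to find it.

```c
/* Added example (not john's code): model of a salt_size / struct size mismatch.
 * Field layout below is constructed for illustration only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Modelled salt struct: deliberately smaller than the old hard-coded 4224. */
struct custom_salt {
    int cipher;
    int keylen;
    unsigned char iv[16];
    unsigned char ct[1024];   /* assumed field list, not the real one */
};

/* The 'before' literal from the patch and the 'after' expression. */
#define SALT_SIZE_HARDCODED 4224
#define SALT_SIZE_FIXED     sizeof(struct custom_salt)

struct fmt_params {
    size_t salt_size;         /* what bench.c reads via format->params.salt_size */
};

/* Same static-global pattern as "static struct custom_salt cs" in the thread. */
static struct custom_salt cs;

static void *get_salt(void)
{
    memset(&cs, 0x41, sizeof cs);   /* constructed content, any bytes will do */
    return &cs;
}

/* Mimics bench.c's memcpy(two_salts[index], salt, format->params.salt_size)
 * but refuses to copy more than the source object actually holds.
 * Returns the number of bytes copied, or -1 when the declared size would
 * read past the end of the source (the over-read ASan reported). */
static long copy_salt_checked(void *dst, size_t dst_cap,
                              const void *src, size_t src_actual,
                              size_t declared)
{
    if (declared > src_actual || declared > dst_cap)
        return -1;
    memcpy(dst, src, declared);
    return (long)declared;
}

/* Drives the benchmark-style copy with a given declared salt_size. */
long bench_copy(size_t declared_salt_size)
{
    /* Destination has room for the old value; the bug is the source over-read. */
    unsigned char two_salts[2][SALT_SIZE_HARDCODED];
    const void *salt = get_salt();
    return copy_salt_checked(two_salts[0], sizeof two_salts[0],
                             salt, sizeof cs, declared_salt_size);
}

/* How many bytes past the end of the struct a naive memcpy would read. */
size_t overread_bytes(size_t declared)
{
    return declared > sizeof(struct custom_salt)
           ? declared - sizeof(struct custom_salt) : 0;
}

/* Self-check a format could run at init: does params.salt_size match the
 * object get_salt() actually returns? Returns 1 when consistent, else 0. */
int salt_size_ok(size_t declared)
{
    struct fmt_params p = { declared };
    return p.salt_size == sizeof(struct custom_salt);
}

int main(void)
{
    printf("sizeof(struct custom_salt) = %zu\n", sizeof(struct custom_salt));
    printf("hard-coded SALT_SIZE %d: copy -> %ld, would over-read %zu bytes, ok=%d\n",
           SALT_SIZE_HARDCODED, bench_copy(SALT_SIZE_HARDCODED),
           overread_bytes(SALT_SIZE_HARDCODED), salt_size_ok(SALT_SIZE_HARDCODED));
    printf("sizeof-based SALT_SIZE: copy -> %ld, ok=%d\n",
           bench_copy(SALT_SIZE_FIXED), salt_size_ok(SALT_SIZE_FIXED));
    return 0;
}
```

With the hard-coded value the checked copy refuses and reports a multi-kilobyte over-read; with the `sizeof`-based value the copy succeeds and the self-check passes. In a real format the struct may still contain pointers or variable-length members, so a matching `salt_size` is necessary but not sufficient; the check above only catches the size mismatch this thread is about.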