[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e948a1fc0c22b6614b02d690199922e4@smtp.hushmail.com>
Date: Sat, 30 Jun 2012 12:14:18 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: asan report
On 2012-06-30 12:05, jfoug wrote:
>> From: magnum Sent: Saturday, June 30, 2012 4:55 AM
>> I think I see now. It's just the self-tests. For example, one self-test
>> does:
>>
>> format->methods.set_key("", index);
>>
>> I think we should "fix" the self-tests, not the formats. If anything.
>
> I was just going to reply the same thing.
>
> We are reading past buffer, by up to 3 bytes, but properly detecting and
> handling it internally.
>
> However, in the self test, we are dealing with const strings, of known size.
> Thus, on a picky compiler, it will not allow this. Simple fix. Put a
> buffer on stack in self test, large enough for the work, and use it. This
> would also allow us to force a non-aligned input for the password also.
I think we currently guarantee that the strings passed to set_key() are
aligned unless ARCH_ALLOWS_UNALIGNED. There is extra code for this in
wordlist.c when using buffer mode iirc.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
