[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <279e99526442a334de0b23f9f5e880a5@smtp.hushmail.com>
Date: Sat, 30 Jun 2012 12:27:10 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: asan report
On 2012-06-30 12:19, jfoug wrote:
>> From: magnum [mailto:john.magnum@...hmail.com]
>>
>> I think we currently guarantee that the strings passed to set_key() are
>> aligned unless ARCH_ALLOWS_UNALIGNED. There is extra code for this in
>> wordlist.c when using buffer mode iirc.
>
> Then that is new code. I used to simply read a file blob into memory,then
> pretty much strtok("\r\n") the file to find line starts (was 'like' strtok).
> However, I do not think I moved the data around at all.
No, but it's taken care of later. See below.
> This 'may' have changed, but I do not think so. So I do not believe we have
> every assured alignment of input passwords.
>
> Just looked. I do not see any alignment assurance code in there.
This:
#if ARCH_ALLOWS_UNALIGNED
const char *line = aligned.buffer[0];
#else
// for unaligned, we have to strcpy INTO line, so we can not have it be
'const'
char *line = aligned.buffer[0];
#endif
...
#if ARCH_ALLOWS_UNALIGNED
line = words[nCurLine++];
#else
strcpy(line, words[nCurLine++]);
#endif
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
