Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <014e01cd5929$f0c49a40$d24dcec0$@net>
Date: Tue, 3 Jul 2012 09:41:32 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: plans for 1.7.9-jumbo-7, new formats interface, 1.8

Here is the bug:

Change

#include <openssl/md5.h>

To 

#include "md5.h"


NOTE, this will only impact certain builds.  However, it will impact them.
You need to use JtR's, ifdef logic in determining exactly 'what' md5 code to
use.

Jim.

>-----Original Message-----
>From: Dhiru Kholia [mailto:dhiru.kholia@...il.com]
>Sent: Monday, July 02, 2012 11:49 PM
>To: john-dev@...ts.openwall.com
>Subject: Re: [john-dev] plans for 1.7.9-jumbo-7, new formats interface,
>1.8
>
>On Tue, Jul 3, 2012 at 9:46 AM, jfoug <jfoug@....net> wrote:
>> Speaking of Radmin,  I get this when running under VC, in debug mode
>> (has stack checking on by default).  (-test=0)
>>
>> Benchmarking: RAdmin v2.x MD5 [32/32]...
>> (0) : Run-Time Check Failure #2 - Stack around the variable 'input'
>> was corrupted.
>> (0) : Run-Time Check Failure #2 - Stack around the variable 'ctx' was
>> corrupted.
>> So somewhere, we have some memory issues.  When I run a -test=1
>> -form=radmin I get a ton more of those messages.  From the 2 vars, it
>> looks like something in crypt_all.
>
>Can't reproduce this under clang-debug or gcc's -fstack-protector. I
>don't have a Windows development box to debug this. Can you please see
>what is wrong in crypt_all? (Try replacing strcpy with strncpy for a
>start).
>
>> One other big issue I see here, is when you allocate crypt_out, it
>> MUST be done MEM_ALIGN_WORD.  You later access this as a ARCH_WORD_32.
>> On systems that do not allow unaligned access (sparc for one), it will
>core.
>
>Fixed now. Thanks!
>
>--
>Cheers,
>Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.