Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20120716070750.GA20766@openwall.com>
Date: Mon, 16 Jul 2012 11:07:50 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: My audit of cracker, format, loader.c

Jim -

Thank you for your code reviews!

On Sun, Jul 15, 2012 at 04:49:49PM -0400, jfoug@....net wrote:
> I know it is 100% core.  My point is the core code loses the validity checking that was in bleeding, which helped keep spurious fields[2] from being loaded.  The 2 calls to valid were put into prepare on purpose.  They are not in core, but should be.

I dropped those two calls to valid() from LM's prepare() on purpose,
because they looked redundant to me (and in more obscure cases where
they are not strictly redundant, they appeared to be undesired).  They
still do.  loader.c calls valid() on whatever prepare() returns anyway.

Can you explain how spurious fields were being loaded without those
valid() calls, preferably by providing a very specific example (input
file line that gets processed incorrectly without those checks, the
corresponding "john" command-line, and desired vs. actual behavior)?

Thanks again,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.