Message-ID: <a350203dd5a0bde7aab07c2ee4e5a8a1@smtp.hushmail.com>
Date: Mon, 10 Dec 2012 03:11:55 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: fixing the valid() methods
On 10 Dec, 2012, at 1:27 , Solar Designer <solar@...nwall.com> wrote:
> On Wed, Sep 19, 2012 at 01:15:37AM +0400, Alexander Cherepanov wrote:
>> On 2012-09-17 01:23, Alexander Cherepanov wrote:
>>> And I suspect that every format with trivial valid() -- there are
>>> ~40-50 of them -- have buffer overflows in get_salt and/or similar
>>> functions. You don't need a code analyzer to find them.
>>
>> To have something for a start here are crashers for 36 formats:
> ...
Here's a curious patch you can apply (do not commit) for breaking many formats' valid(). It just drops the last character of the ciphertext and calls valid() until there's nothing left. Problems will unfortunately be indicated by a segfault :-)
The first test that dies from this in a full test run is KRB4.
magnum
Download attachment "0001-Self-test-valid-killer-that-unfortunately-will-produ.patch" of type "application/octet-stream" (1006 bytes)
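
The truncation loop described in the message above, as an added example that is neither the attached patch nor John the Ripper code: the `$demo$` format, its field lengths, the sample ciphertext and both valid() functions are hypothetical. Instead of waiting for a segfault, it counts how many truncated ciphertexts a given valid() still accepts.

```c
#include <stdio.h>
#include <string.h>

#define TAG      "$demo$"   /* hypothetical format tag, not a real format */
#define SALT_HEX 8          /* assumed salt length in hex digits */
#define HASH_HEX 32         /* assumed hash length in hex digits */
/* Constructed sample ciphertext: tag, 8 hex salt, '$', 32 hex hash. */
static const char SAMPLE[] = "$demo$0123abcd$00112233445566778899aabbccddeeff";

/* Trivial valid(): checks the tag only, so later parsing is unprotected. */
static int trivial_valid(const char *ct)
{
    return strncmp(ct, TAG, strlen(TAG)) == 0;
}

/* Strict valid(): each field is length-checked before the pointer moves on. */
static int valid(const char *ct)
{
    static const char hex[] = "0123456789abcdef";
    const char *p;

    if (strncmp(ct, TAG, strlen(TAG)) != 0)
        return 0;
    p = ct + strlen(TAG);
    if (strspn(p, hex) != SALT_HEX || p[SALT_HEX] != '$')
        return 0;
    p += SALT_HEX + 1;
    return strspn(p, hex) == HASH_HEX && p[HASH_HEX] == '\0';
}

/* Drop the last character and call check() until nothing is left.
 * Returns the number of truncated forms accepted, or -1 if too long. */
static int truncation_test(const char *full, int (*check)(const char *))
{
    char buf[128];
    size_t len = strlen(full);
    int accepted = 0;

    if (len >= sizeof(buf))
        return -1;
    memcpy(buf, full, len + 1);
    while (len > 0) {
        buf[--len] = '\0';
        accepted += check(buf) != 0;
    }
    return accepted;
}

int main(void)
{
    printf("strict:  %d truncations accepted\n", truncation_test(SAMPLE, valid));
    printf("trivial: %d truncations accepted\n", truncation_test(SAMPLE, trivial_valid));
    return 0;
}
```

Any non-zero count marks a valid() that lets short input through to later parsing such as get_salt().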