john-dev - Re: testing all valid()s

Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <831580ef9d2aa18e69a246c91c309a04@smtp.hushmail.com>
Date: Sun, 14 Apr 2013 23:00:53 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s

So crypt returns NULL on error, as documented. The fix is obvious:

diff --git a/src/c3_fmt.c b/src/c3_fmt.c
index 6ca5ae4..98bda0f 100644
--- a/src/c3_fmt.c
+++ b/src/c3_fmt.c
@@ -138,7 +138,7 @@ static int valid(char *ciphertext)
        new_ciphertext = crypt(pw, ciphertext);
 #endif
 
-       if (strlen(new_ciphertext) == length &&
+       if (new_ciphertext && strlen(new_ciphertext) == length &&
            !strncmp(new_ciphertext, ciphertext, 2)) {
                sup_length[length] = 1;
                sup_id[id] = 1;

magnum


On 14 Apr, 2013, at 22:30 , Frank Dittrich <frank_dittrich@...mail.com> wrote:

> On 04/14/2013 02:45 PM, Solar Designer wrote:
>> Doesn't happen for me.  I wonder if the problem is in your system's
>> libc or libcrypt.  Can you build JtR with -g (and remove -s from
>> LDFLAGS) and post a backtrace?  Thanks!
> 
> 
> CFLAGS = -c -Wall -O0 -g
> LDFLAGS =
> OPT_NORMAL =
> $ make linux-x86-sse2 > /dev/null
> DES_bs.c:305:25: warning: always_inline function might not be inlinable
> [-Wattributes]
> dummy.c:98:21: warning: always_inline function might not be inlinable
> [-Wattributes]
> 
> $ gdb ../run/john
> GNU gdb (GDB) Fedora (7.5.1-37.fc18)
> Copyright (C) 2012 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /home/fd/john-1.7.9/run/john...done.
> (gdb) run --format=crypt ../run/crash.crypt
> Starting program: /home/fd/john-1.7.9/run/john --format=crypt
> ../run/crash.crypt
> 
> Program received signal SIGSEGV, Segmentation fault.
> __strlen_sse2 () at ../sysdeps/i386/i686/multiarch/strlen-sse2.S:62
> 62		cmpb	$0, (%edx)
> (gdb) bt
> #0  __strlen_sse2 () at ../sysdeps/i386/i686/multiarch/strlen-sse2.S:62
> #1  0x08068373 in valid (ciphertext=0xbfffeb66 "$B$$000000000") at
> c3_fmt.c:141
> #2  0x0805edec in ldr_split_line (login=0xbfffeafc,
> ciphertext=0xbfffeaf8, gecos=0xbfffeaf4,
>    home=0xbfffeaf0, source=0x0, format=0x8093bec <database+44>,
> options=0x80ce3b4, line=0x0)
>    at loader.c:350
> #3  0x0805efd5 in ldr_load_pw_line (db=0x8093bc0 <database>,
> line=0xbfffeb64 "B") at loader.c:428
> #4  0x0805e3f7 in read_file (db=0x8093bc0 <database>, name=0x80ce39c
> "../run/crash.crypt", flags=2,
>    process_line=0x805ef8b <ldr_load_pw_line>) at loader.c:66
> #5  0x0805f504 in ldr_load_pw_file (db=0x8093bc0 <database>,
> name=0x80ce39c "../run/crash.crypt")
>    at loader.c:569
> #6  0x0805dab7 in john_load () at john.c:204
> #7  0x0805dd40 in john_init (name=0xbffff306 "john", argc=3,
> argv=0xbffff124) at john.c:304
> #8  0x0805e137 in main (argc=3, argv=0xbffff124) at john.c:426
> (gdb) up
> #1  0x08068373 in valid (ciphertext=0xbfffeb66 "$B$$000000000") at
> c3_fmt.c:141
> 141		if (strlen(new_ciphertext) == length &&
> (gdb) print new_ciphertext
> $1 = 0x0
> 
> 
> So, this is the same statement as with unstable-jumbo, just a different
> line number.
> Ant new_ciphertext points to NULL.
> 
> Frank
>
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.