Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <003a01ce3ac1$170bee00$4523ca00$@net>
Date: Tue, 16 Apr 2013 11:40:22 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: simple issue to possibly fix

From: johnuser [mailto:johnuser1243@...oo.com] 
>[quote]
>You should be able to fix that. Look in dynamic_utils.c, around line 165.
>
>Code:
>
>cpx += sprintf(cpx, "%x", *cp++);
>
>should be
>
>cpx += sprintf(cpx, "%02x", *cp++);
>[/quote]

That is certainly a bug, and appears that the %02x is the proper fix.  The
size of the buffer already had enough bytes added (double compute of the
strlen(cp)), so there is enough memory. The %x worked fine for any byte
larger than 0x0F.  However, lower bytes that were mangled as shown, and my
testing during development did not catch this.

This was a somewhat 'late' addon, to work around other issues, like ':', \r
\n (and even '$') being in the salt, which were breaking the .pot file.  

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.