Message-ID: <517CEB2D.2080606@mccme.ru>
Date: Sun, 28 Apr 2013 13:26:05 +0400
From: Alexander Cherepanov <cherepan@...me.ru>
To: john-dev@...ts.openwall.com
Subject: Re: testing all valid()s

On 2013-04-28 03:17, magnum wrote:
>>>>> 4. Strange crash (it doesn't occur with --format):
>>>>>
>>>>> ./john crash_wpapsk.txt
>>>>
>>>> Actually this seems to not be related to wpapsk format, john crashes
>>>> in formspring.
>>>
>>> Well, patch attached.
>>
>> I confirm, thanks, lesson learned.
>
> So your formspring problem is gone now? That is a surprise to me because
> wpapsk loads later than that. Or maybe you did not have Jim's latest
> fixes? If that was it, we are probably set now.

Actually it's not that surprising:

- crash doesn't happen with --format, so it's a result of formats
  interaction;

- crash happens when john reads something with $WPAPSK$ prefix and
  changing prefix makes crash go away, so wpapsk format is the first
  suspect;

- valid in wpapsk calls decode_hccap which contains straightforward
  static buffer overflow ("copy essid to hccap"), so what remains is to
  check that a fix for buffer overflow cures the crash.

Why wpapsk format doesn't crash? It checks for overly long essids and
rejects these hashes. But it's too late and harm is done.

Why formspring format does crash? Probably some of its important static
variables are overwritten by buffer overrun in wpapsk format but I didn't
bother to fire up debugger to check it.

-- 
Alexander Cherepanov
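The failure mode described in the message above (copy the ESSID into a fixed-size static field first, reject the over-long hash afterwards, and so clobber whatever static data happens to sit after the field, which belongs to a different format) can be modelled in a few lines of C. The block below is an added example written for this page; it is not John the Ripper's decode_hccap or wpapsk code. The ESSID limit (32), the storage layout, the "neighbour state" placed right after the ESSID field, and every function name are assumptions chosen to make the overrun observable without undefined behaviour (the overrun stays inside one larger array, standing in for the .bss/.data region that both formats share).

```c
#include <stdio.h>
#include <string.h>

/* Added example, not JtR code. Layout and names are assumptions.
 * storage[] stands in for static memory shared by several formats:
 *   offset 0..32   : this format's fixed-size essid field (ESSID_MAX + NUL)
 *   offset 40..47  : some other format's static state ("the neighbour")
 * Real hccap files use a 36-byte ESSID field; 32 is used here for brevity. */
#define ESSID_MAX      32
#define NEIGHBOUR_OFF  40
#define NEIGHBOUR_LEN  8
#define NEIGHBOUR_MAGIC 0xA5   /* recognisable pattern so corruption is visible */

static unsigned char storage[128];

static void reset_storage(void)
{
    memset(storage, 0, sizeof storage);
    memset(storage + NEIGHBOUR_OFF, NEIGHBOUR_MAGIC, NEIGHBOUR_LEN);
}

/* Vulnerable order: copy first, check afterwards.
 * Returns 1 if the hash is accepted, 0 if rejected.  When the ESSID is too
 * long the hash IS rejected, but the unbounded copy already ran past the
 * field and overwrote the neighbour's state: the harm is done. */
int decode_then_check(const char *essid)
{
    size_t len = strlen(essid);
    memcpy(storage, essid, len + 1);   /* no bound on a fixed-size field */
    if (len > ESSID_MAX)
        return 0;                      /* too late */
    return 1;
}

/* Hardened order: validate the length before touching the buffer. */
int check_then_decode(const char *essid)
{
    size_t len = strlen(essid);
    if (len > ESSID_MAX)
        return 0;                      /* rejected before any write */
    memcpy(storage, essid, len + 1);   /* now provably within the field */
    return 1;
}

/* 1 if the neighbour's state still holds its magic pattern, else 0. */
int neighbour_intact(void)
{
    for (int i = 0; i < NEIGHBOUR_LEN; i++)
        if (storage[NEIGHBOUR_OFF + i] != NEIGHBOUR_MAGIC)
            return 0;
    return 1;
}

/* Run one ESSID through a decoder on freshly reset storage.
 * Result bits: 1 = hash accepted, 2 = neighbour state clobbered. */
int run_decoder(int (*decoder)(const char *), const char *essid)
{
    reset_storage();
    int r = decoder(essid) ? 1 : 0;
    if (!neighbour_intact())
        r |= 2;
    return r;
}

/* Constructed input: a 60-byte ESSID, well over ESSID_MAX. */
const char *long_essid(void)
{
    static char buf[61];
    memset(buf, 'A', 60);
    buf[60] = '\0';
    return buf;
}

int main(void)
{
    const char *names[] = { "rejected, neighbour intact", "accepted, neighbour intact",
                            "rejected, neighbour CLOBBERED", "accepted, neighbour CLOBBERED" };
    printf("copy-then-check, short essid : %s\n", names[run_decoder(decode_then_check, "home-wifi")]);
    printf("copy-then-check, long essid  : %s\n", names[run_decoder(decode_then_check, long_essid())]);
    printf("check-then-copy, short essid : %s\n", names[run_decoder(check_then_decode, "home-wifi")]);
    printf("check-then-copy, long essid  : %s\n", names[run_decoder(check_then_decode, long_essid())]);
    return 0;
}
```

The point the example makes is the one in the message: a valid() that rejects the bad hash is not enough if the rejecting check runs after the copy. The owning format sees a clean rejection and never crashes; the format whose static variables lived next door crashes later, far from the overflow, which is why the bug only shows up without --format and was first blamed on formspring. Running the vulnerable variant under AddressSanitizer, or inspecting the neighbouring symbols with `nm`/`objdump` on the real binary, is the quick way to confirm which variables a given overrun reaches.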