Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <028f01ce525f$b1b56930$15203b90$@net>
Date: Thu, 16 May 2013 13:03:39 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: missing parentheses in dynamic_fmt.c

The problem was a MD5-x2 bug.  In the X2, there were 2 inputs getting 0x10
bytes written to them.  But one of them was not getting the length set.

So in self test:

1 pw was set.  But in the MD5 2 input buffers written to.  We only set
length of the first to 16 bytes. The other was left at 0.

Then the test with 2 pw's.  The cleanup still saw the end input buffer as
being empty, so did not properly clean it up, and thus, a 5 byte password
had 11 bytes of crap left over from the first dual md5 crypt.

I simply removed the check for the value being past 'count'.  It can be past
count in the 2x md5 mode.  It did take a bit of stepping to find the bug,
along with it is sort of hard to get 2x md5 in my vc test environment.  I
link an x86.o file built by cygwin (which has MD5_body), and MD5_std.c also
has MD5_body (for the 2X builds).  So I had to #define change the name of
the one in MD5_std.o to get link to work, but once I got that done and
linked properly, I was able to find the problem with a little stepping and
digging.

Jim.

From: magnum Sent: Thursday, May 16, 2013 6:52
>On 16 May, 2013, at 13:04 , Jeremi Gosney <epixoip@...dshell.nl> wrote:
>> On 05/16/2013 03:39 AM, magnum wrote:
>>> On 16 May, 2013, at 11:46 , Jeremi Gosney <epixoip@...dshell.nl> wrote:
>>>> dynamic_fmt.c is missing a right parentheses on line 697 that 
>>>> prevents it from compiling on big endian.
>>>> 
>>>> #if !ARCH_LITTLE_ENDIAN
>>>> -    memset(input_buf_X86, 0, FLAT_INP_BUF_SZ;
>>>> +    memset(input_buf_X86, 0, FLAT_INP_BUF_SZ);
>>>> #endif
>>>> 
>>> Committed, thank you. Does it pass a "-t=0 -form=dynamic" on BE after
this fix?
>>> 
>>> magnum
>> 
>> All formats except dynamic_1300 pass their self-tests, which IIRC is a
known issue.
>
>Thanks. Dynamic_1300 was fixed in 19992ec, 4 days ago but Jim probably
hasn't tried it on BE yet. I'll create an issue on GitHub.
>
>Oh, I see now it doesn't work with a -generic build on x86 either. So it's
not an endian problem.

Download attachment "JtR-Dyna_1300_generic_X2_fix.patch" of type "application/octet-stream" (547 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.