Message-ID: <CABtNtWFU_4218fuMnwtmfor0BWdNQ7pOcsZJv9X8Uen0xkUTKg@mail.gmail.com>
Date: Tue, 26 May 2015 14:54:59 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Fuzzing Report on wordlist, rules, chr
Hi Alexander,
Several bugs have been found with JtR 1.7. I want to
describe each bug in an email to make it clear.
First bug with JtR 1.7
-----------------------------
1. Build with asan
2. Crack LM format
$ cat lm_fmt
kai:$LM$cbc501a4d2227738
$ ../john lm_fmt
Loaded 1 password hash (NT LM DES [64/64 BS])
==11682==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000004d6fc0 at pc 0x417b2f bp 0x7ffe35252860 sp 0x7ffe35252858
READ of size 4 at 0x0000004d6fc0 thread T0
    #0 0x417b2e in DES_bs_set_key_LM /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/DES_bs.c:264
    #1 0x4716da in fmt_self_test /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/formats.c:71
    #2 0x46ca04 in crk_init /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/cracker.c:58
    #3 0x4af18f in single_init /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/single.c:123
    #4 0x4af18f in do_single_crack /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/single.c:372
    #5 0x448044 in do_single_pass /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/batch.c:19
    #6 0x448044 in do_batch_crack /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/batch.c:44
    #7 0x4056dd in john_run /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/john.c:286
    #8 0x4056dd in main /home/zhaokai/WorkSpace/open_wall/john-1.7_asan/src/john.c:345
    #9 0x7fd045ca5ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #10 0x4064f5 (/home/zhaokai/WorkSpace/open_wall/john-1.7_asan/run/john+0x4064f5)
The bug is in DES_bs.c::DES_bs_set_key_LM(), and now it has been
fixed in JtR 1.8.0.
Thanks,
Kai