Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CABtNtWHT=S36MSw_P9t5wJkYvmHN+YpOLORu=PY5fETjsKf-ZA@mail.gmail.com>
Date: Thu, 20 Aug 2015 12:11:38 +0800
From: Kai Zhao <loverszhao@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: --test-full=0 crashes the Bitcoin format

On Thu, Aug 20, 2015 at 3:54 AM, magnum <john.magnum@...hmail.com> wrote:
> On 2015-08-06 18:38, Solar Designer wrote:
>>
>> Kai, magnum -
>>
>> Flag bugs aside, this feature as committed to magnum's jumbo triggers
>> memory corruption:
>>
>> [solar@...er run]$ ./john --test-full=0
>> [...]
>> Testing: asa-md5, Cisco ASA [Cisco ASA (MD5 salted) 128/128 AVX 4x3]...
>> PASS
>> Testing: bfegg, Eggdrop [Blowfish 32/64]... (32xOMP) PASS
>> Testing: Bitcoin [SHA512 AES 128/128 AVX 2x]... (32xOMP) *** glibc
>> detected *** ./john: double free or corruption (!prev): 0x000000000224a770
>> ***
>
>
> I replaced the EVP stuff in bitcoin with our own aes.h stuff in 0e2beec and
> have yet to trigger the bug since. Perhaps Kai can test it some more.
>
> If we do get some variant of the problem again (I doubt it), it'll likely be
> easier to debug and/or detected by ASan.
>
> I'll open an issue for finding more uses of EVP and/or BIO that we can get
> rid of. High-level stuff and abstraction layers are often Bad Ideas[tm] in
> high-performance code anyway.
>

I have run "./john --test-full=0 --format=bitcoin" about 500 times and
it did crash.
I think this bug is fixed. Thanks.


Thanks,

Kai

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.