Message-ID: <b4737d46d700411a6172a2db958a8616@smtp.hushmail.com>
Date: Sun, 13 Sep 2015 18:10:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Invalid memory our of bounds read in DES_std_set_key

On 2015-09-13 17:12, Hanno Böck wrote:
> When compiling john-1.8.0 with address sanitizer it will expose an out
> of bounds read in the function DES_std_set_key.
>
> The error happens in line 664:
> DES_key[1] = key[1] & 0x7F;
>
> The variable "key" is a parameter to the function and the value comes
> indirectly from a function call in formats.c, line 168:
> format->methods.set_key("", index);
>
> As you can see an empty string is passed. Therefore accessing key[1]
> won't work.

In Jumbo this is fixed like this:

/* Mutes ASan problems. We pass a buffer long enough for any use */
#define fmt_set_key(key, index) \
	{ \
		static char buf_key[PLAINTEXT_BUFFER_SIZE]; \
		char *s = key, *d = buf_key; \
		while ((*d++ = *s++)); \
		format->methods.set_key(buf_key, index); \
	}

It was actually changed a bit further recently, to have that buffer
SIMD-aligned.

BTW inc.c has a similar problem where it tests the zero-length key, also
worked around in Jumbo.

magnum
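Added example, not part of the original message and not John the Ripper's code: a minimal C sketch of the pattern discussed above, where a key-setup routine reads a fixed number of bytes regardless of string length, and a wrapper copies the key into a long static buffer first so those reads stay in bounds. The names toy_set_key, set_key_padded and KEY_LEN and the value of PLAINTEXT_BUFFER_SIZE are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 8                  /* bytes the toy routine always reads (assumed) */
#define PLAINTEXT_BUFFER_SIZE 128  /* assumed value; the post does not give it */

static unsigned char toy_key[KEY_LEN];

/* Hypothetical stand-in for a format's set_key(): it reads KEY_LEN bytes
 * unconditionally, then zeroes everything at and after the first NUL.
 * Called directly with "" (a 1-byte object), key[1..7] is out of bounds. */
static void toy_set_key(const char *key)
{
	unsigned char raw[KEY_LEN];
	int i, live = 1;

	for (i = 0; i < KEY_LEN; i++)
		raw[i] = key[i] & 0x7F;
	for (i = 0; i < KEY_LEN; i++) {
		live = live && raw[i];
		toy_key[i] = live ? raw[i] : 0;
	}
}

/* Same idea as the Jumbo macro: hand the routine a buffer long enough for
 * any fixed-length read. Unlike the macro's bare copy loop, the copy here
 * is bounded. Bytes after the NUL may be stale from an earlier key; they
 * are in bounds and toy_set_key() discards them. */
static const unsigned char *set_key_padded(const char *key)
{
	static char buf_key[PLAINTEXT_BUFFER_SIZE];
	size_t n = strlen(key);

	if (n >= sizeof(buf_key))
		n = sizeof(buf_key) - 1;
	memcpy(buf_key, key, n);
	buf_key[n] = '\0';
	toy_set_key(buf_key);
	return toy_key;
}

int main(void)
{
	set_key_padded("password");                    /* leaves stale bytes behind */
	const unsigned char *k = set_key_padded("");   /* zero-length key, in bounds */
	printf("key[0]=%u key[1]=%u\n", k[0], k[1]);
	return 0;
}
```

Building this with -fsanitize=address and calling toy_set_key("") directly instead of the wrapper is the case AddressSanitizer reports.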