Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 8 Jul 2016 19:14:19 +0200
From: magnum <>
Subject: Re: rules.c bug/feature

On 2016-07-08 15:53, Solar Designer wrote:
> On Fri, Jul 08, 2016 at 04:19:20PM +0300, Solar Designer wrote:
>> On Fri, Jul 08, 2016 at 02:24:58PM +0200, magnum wrote:
>>> On 2016-07-06 18:27, Solar Designer wrote:
>>>> 		in[RULE_WORD_SIZE - 1] = 0;
>>>> Is this somehow broken?  We should identify the issue and fix it if so.
>>> Sounds good, but then it must be broken somehow. The memcpy in 'd' did
>>> blow the buffer and overwrote rules_data.classes and I verified this
>>> happens in John proper too. I'm not sure why but I'll let you handle it.
>> You're right.  I didn't bother reproducing it, but I think I know what
>> the problem is: when I introduced the "length" variable some years ago,
>> I forgot to update the loop logic to clamp not only the buffer but also
>> this integer variable to the maximum length.  I think the attached patch
>> should fix it.  I'll test and commit it.
> Committed.

Merged to Jumbo now.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.