Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100202020628.GA27389@openwall.com>
Date: Tue, 2 Feb 2010 05:06:28 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Patch to John-1.7.4.2 after jumbo2

The Subject on Jim's message was wrong - there was no "jumbo2" for JtR
1.7.4.2 at the time he made the posting.  Nevertheless, I kept the
Subject line intact for now.

Jim -

On Mon, Jan 25, 2010 at 06:39:25PM -0600, JFoug wrote:
> There is a bug in john (crash).  If you use a -w and do not provide a hash 
> file (or no hashes of the proper type are loaded), john will crash.

I've confirmed the bug.  However, as far as I'm aware, it has nothing to
do with the "-w" option specifically, and your fix looks overly
complicated.  I'd rather fix the oversight in the recently changed code.
Specifically, changing this line in loader.c: ldr_init_hash():

	if (db->format->params.flags & FMT_BS) {

to:

	if (db->format && (db->format->params.flags & FMT_BS)) {

makes the problem go away for me.  Can you please confirm that this is a
sufficient fix for your test cases as well?

> What happened was the loading code was totally changed (for the better). 
> When it returns, and there were no hashes loaded, the DB structure still 
> has the list of them as a null value, and it is dereferenced PRIOR to the 
> check for no hashes loaded.

No, as far as I'm aware, the code is careful to allow for the list
pointer being NULL.  The oversight was in assuming that there was a
format detected for the newly introduced threshold calculation.  In case
anyone is curious, this new code is responsible for deciding between
the use of DES_bs_cmp_all() vs. hash tables.  Previously, this was
approached in a dumber manner - the smallest hash table size was always
disabled for "bitsliced formats".  Now the code attempts to actually
estimate the computational complexity of the two approaches.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.