Message-ID: <bab754a3004f9f044eaeb64fe82432eb@smtp.hushmail.com>
Date: Sun, 05 Aug 2012 15:54:48 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Wordlist memory corruption - 1.7.9-jumbo-6
On 2012-08-03 02:43, Solar Designer wrote:
> Guth, Jim, magnum -
>
> On Wed, Aug 01, 2012 at 01:14:25PM +0200, Guth wrote:
>> It seems that jtr segfaults/corrupts memory on wordlist attacks under some
>> circumstances:
That's a weird file format but it should not crash of course.
> Yes. wordlist.c in jumbo is extremely dirty. I think we should
> reimplement all changes made to it (relative to its revision in 1.7.9
> release) in a cleaner fashion.
I agree. Maybe we should wait until the unified MPI/--node code is in
there though (or do this to the contest branch).
> I am able to reproduce the crash using this wordlist, thanks.
>
> The bug appears to be that at first lines are counted looking for just
> one of the CR or LF characters, and the words[] array is allocated
> accordingly, but then either character terminates the word and thus
> requires a words[] array element for the next word.
Fixed now in all git trees. This is tested with all variations of LF and
CR I can think of.
magnum
View attachment "wordlist-fix.diff" of type "text/x-patch" (962 bytes)
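The counting mismatch Solar Designer describes above, as an added C example; it is not part of the original message, the attached patch, or John the Ripper's wordlist.c. The function names and the sample wordlist are constructed for illustration, and skipping empty words (such as the one inside a CRLF pair) is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Flawed sizing pass: counts lines by looking for one terminator only. */
static size_t count_one_sep(const char *buf, size_t len, char sep)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == sep)
            n++;
    if (len && buf[len - 1] != sep)
        n++;                          /* unterminated last line */
    return n;
}

/* Splitting pass: either CR or LF ends a word. Stores at most cap
 * pointers and returns the number of slots the input really needs, so
 * calling it with words == NULL, cap == 0 gives a matching sizing pass.
 * The caller's buffer must hold a NUL at buf[len]. */
static size_t split_words(char *buf, size_t len, char **words, size_t cap)
{
    size_t n = 0, start = 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && buf[i] != '\r' && buf[i] != '\n')
            continue;
        if (i > start) {              /* skip empty words, e.g. inside CRLF */
            if (n < cap) {
                words[n] = buf + start;
                if (i < len)
                    buf[i] = '\0';
            }
            n++;
        }
        start = i + 1;
    }
    return n;
}

int main(void)
{
    char list[] = "alpha\rbravo\ncharlie\r\ndelta\n";   /* constructed sample */
    size_t len = sizeof list - 1;
    char *words[8];
    size_t sized = count_one_sep(list, len, '\n');      /* 3 */
    size_t need = split_words(list, len, NULL, 0);      /* 4 */
    size_t got = split_words(list, len, words, 8);
    printf("LF-only count=%zu, slots needed=%zu, split=%zu\n", sized, need, got);
    return 0;
}
```

Sizing the array with the same routine that does the splitting, and bounding every store by the allocated capacity, keeps the two passes from disagreeing on mixed CR/LF input.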