Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <556355E1.2080009@mailbox.org>
Date: Mon, 25 May 2015 19:03:29 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: Using loopback with regex could cause crash

On 05/25/2015 06:38 PM, Marek Wrzosek wrote:
> Hi
> 
> If john.pot contains e.g. "." and john is started with --loopback
> --rules=none --regex=case=alpha:case="\0" (--regex="\0" doesn't crash
> with the same john.pot) then this could happen:
> 
> buf=[sS][eE][xX][iI][sS]
> buf=0
> buf=[jJ]
> buf=[mM]
> buf=[pP]
> buf=2
> buf=9
> buf=[bB]
> buf=[cC]
> buf=[dD]
> buf=[lL]
> buf=[gG]
> buf=[wW]
> buf=.
> error: syntax error, unexpected $end
> Error, invalid regex expression.  John exiting now  base_word=.  Regex= .
> 
> I think that forbidden characters should be escaped with \ or in []
> brackets, don't you think? First would require changing john, but latter
> maybe only changing regex_alphabets.conf e.g. by adding ".=[.]" line.

I think john's --regex implementation should be changed in a way that it
automatically adds <char>=[<char>] "replacements" for all characters
that don't have any replacements defined in an alpha section.
Usually that's what the user would expect, I think.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.