List: john-users
Subject: [john-users] [PATCH] avoid stack smash for NETHALFLM / NET(HALF)LM cleanup
From: Till Maas <opensource () till ! name>
Date: 2008-10-29 19:19:18
Message-ID: 200810292019.25328.opensource () till ! name
Hiyas,
john --test --format=NETHALFLM crashed on my Fedora system because of a
smashed stack. The array lm was not big enough to hold the full key that is
assigned to it with setup_des_key afaics. Attached is a patch that changes
lm[7] to lm[8].
I used john-1.7.3.1 and john-1.7.3.1-all-5.diff.gz.
Btw. is there more documentation available about writing format extensions for
john except the formats.h?
Also it should be possible to merge NETHALFLM_fmt.c and NETLM_fmt.c, because
they are almost identical except for some constants and some improvements to
NETHALFLM_fmt.c, that were not merged into NETLM_fmt.c. I am not an
experienced C-programmer, so the best way to do this for me would be to create a
file that contains all the common code, and only keep the #defines in the
*_fmt.c files and then #include the common code. Would this be good or is
there a better way to do this?
Regards,
Till
["john-1.7.3.1-all-5-NETHALFLM-stack-smash.patch" (text/x-diff)]
diff -up john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash john-1.7.3.1/src/NETHALFLM_fmt.c
--- john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash 2008-10-29 19:45:21.000000000 +0100
+++ john-1.7.3.1/src/NETHALFLM_fmt.c 2008-10-29 19:48:15.000000000 +0100
@@ -106,10 +106,10 @@ static void nethalflm_crypt_all(int coun
static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
DES_key_schedule ks;
unsigned char password[7 + 1];
- unsigned char lm[7];
+ unsigned char lm[8];
/* clear buffers */
- memset(lm, 0, 7);
+ memset(lm, 0, 8);
memset(output, 0, 8);
strncpy((char *) password, saved_plain, 7);
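Review bot: In the changed `memset(lm, 0, 8);` line the buffer size is repeated as a bare literal that has to be kept in step with the `unsigned char lm[8];` declaration by hand. Writing `memset(lm, 0, sizeof(lm));` ties the clear length to the declaration, and a short comment on the declaration saying why the buffer needs 8 bytes would record the reason for the change. Separately, the context line `strncpy((char *) password, saved_plain, 7);` does not write `password[7]` when `saved_plain` has 7 or more characters, and no clear of `password` is visible in this hunk, so it is worth confirming that the last byte is set before `password` is used.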
["signature.asc" (application/pgp-signature)]