[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    [john-users] [PATCH] avoid stack smash for NETHALFLM / NET(HALF)LM cleanup
From:       Till Maas <opensource () till ! name>
Date:       2008-10-29 19:19:18
Message-ID: 200810292019.25328.opensource () till ! name
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


Hiyas,

john --test --format=NETHALFLM crashed on my Fedora systeme because of a 
smashed stack. The array lm was not big enough to hold the full key that is 
assigned to it with setup_des_key afaics. Attached is a patch that changes 
lm[7] to lm[8].

I used john-1.7.3.1 and john-1.7.3.1-all-5.diff.gz.

Btw. is there more documentation available about writing format extensions for 
john except the formats.h?

Also it should be possible to merge NETHALFLM_fmt.c and NETLM_fmt.c, because 
they are almost identical except for some constants and some improvements to 
NETHALFLM_fmt.c, that were not merged into NETLM_fmt.c. I am not an 
experienced C-programmer, so the best way to do this for me would to create a 
file that contains all the common code, and only keep the #defines in the 
*_fmt.c files and then #include the common code. Would this be good or is 
there a better way to do this?


Regards,
Till

["john-1.7.3.1-all-5-NETHALFLM-stack-smash.patch" (text/x-diff)]

diff -up john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash john-1.7.3.1/src/NETHALFLM_fmt.c
--- john-1.7.3.1/src/NETHALFLM_fmt.c.stack_smash	2008-10-29 19:45:21.000000000 +0100
+++ john-1.7.3.1/src/NETHALFLM_fmt.c	2008-10-29 19:48:15.000000000 +0100
@@ -106,10 +106,10 @@ static void nethalflm_crypt_all(int coun
   static unsigned char magic[] = {0x4b, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25};
   DES_key_schedule ks;
   unsigned char password[7 + 1];
-  unsigned char lm[7];
+  unsigned char lm[8];
 
   /* clear buffers */
-  memset(lm, 0, 7);
+  memset(lm, 0, 8);
   memset(output, 0, 8);  
 
   strncpy((char *) password, saved_plain, 7);

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic