Open AlekseyCherepanov opened 2 years ago
Both formats do not leak in regular runs (both `--test` and real attacks). So I guess that's a problem with fuzzer.
Or maybe you were not loading many hashes in those real attacks, and there's a real leak per-hash.
Anyway, this is relatively unimportant. I'm not even sure how to label this issue.
I guess I can dump all hashes with `--fuzz-dump`:
$ /usr/bin/time ./run/john --format=pkzip --fuzz-dump
Generating pwfile.PKZIP for PKZIP ... 277674426 bytes
Generated pwfile.<format> for 1 formats
1.65user 0.45system 0:02.11elapsed 99%CPU (0avgtext+0avgdata 195636maxresident)k
0inputs+542336outputs (0major+63863minor)pagefaults 0swaps
Then it finishes without a leak.
$ /usr/bin/time ./run/john --format=pkzip pwfile.PKZIP --mask=1
Warning: invalid UTF-8 seen reading pwfile.PKZIP
Warning: check for duplicates partially bypassed to speedup loading
Using default input encoding: UTF-8
Loaded 1548 password hashes with 271 different salts (5.7x same-salt boost) (PKZIP [32/64])
Press Ctrl-C to abort, or send SIGUSR1 to john process for status
0g 0:00:00:00 0g/s 8.333p/s 2258c/s 12900C/s 1
Session completed.
3.29user 0.53system 0:03.97elapsed 96%CPU (0avgtext+0avgdata 591372maxresident)k
0inputs+40outputs (0major+186464minor)pagefaults 0swaps
Attack without `--mask=1` crashes... I'll make another issue.
Sorry! I deleted a comment sent to the wrong page.
ASan reports leaks after `--fuzz`ing a format with dynamic salt allocation (#752). I patched out most self tests in `pkzip_fmt_plug.c`, so only the last one is present. It is short and fuzzing finishes in 4 seconds. (Local paths are replaced by ... .) The same thing happens with 7z. It can finish in ~50 seconds without commenting out self-tests. But 7z requires a fix for #4971. (I am about to send a PR with it.)
Both formats have the following setting for salts:
I did not test formats with different variants of the setting.