http://bugzilla.novell.com/show_bug.cgi?id=526273

Summary: john-1.7.3.1-1.70: buffer overrun
Classification: openSUSE
Product: openSUSE 11.2
Version: Factory
Platform: All
OS/Version: openSUSE 11.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: dcb314@hotmail.com
QAContact: qa@suse.de
Found By: ---

I just had a look at factory package john-1.7.3.1-1.70.

For source code file john-1.7.3.1/src/charset.c around line 375 is the source code for the function charset_generate_all.

I notice the following line of code

    strcpy(header->version, CHARSET_V);

but

    ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V1 "CHR1"
    ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V2 "CHR2"
    ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V CHARSET_V2

and

    ./BUILD/john-1.7.3.1/src/charset.h: char version[4];

so there is a buffer overrun here. Four characters and a zero byte won't fit into a four character field.

Suggest code rework.
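The following is an added example, not part of the original report and not John the Ripper's own code: it shows one way to write and check a four-byte magic field without the terminator that `strcpy` appends. Only `CHARSET_V` and `char version[4]` come from the report; `struct demo_header`, `next_field` and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define CHARSET_V "CHR2"            /* value quoted in the report */

/* Hypothetical layout: only version[4] is taken from the report. */
struct demo_header {
    char version[4];                /* fixed-width magic, no room for a NUL */
    unsigned char next_field[4];    /* assumed neighbour that an overrun would hit */
};

/* Compile-time guard: the magic must fill the field exactly. */
_Static_assert(sizeof(CHARSET_V) - 1 == sizeof(((struct demo_header *)0)->version),
               "CHARSET_V must be exactly as wide as version[]");

/* Bytes strcpy() would write for s: its characters plus the terminator. */
static size_t strcpy_bytes(const char *s) { return strlen(s) + 1; }

/* Store the magic as raw bytes, bounded by the destination size. */
static void set_version(struct demo_header *h)
{
    memcpy(h->version, CHARSET_V, sizeof(h->version));
}

/* The field is not NUL-terminated, so compare with memcmp, not strcmp. */
static int version_ok(const struct demo_header *h)
{
    return memcmp(h->version, CHARSET_V, sizeof(h->version)) == 0;
}

/* Returns 1 when the magic is stored and the neighbouring field is untouched. */
static int neighbour_intact_after_set(void)
{
    struct demo_header h;
    memset(&h, 0xAA, sizeof(h));    /* sentinel pattern in every byte */
    set_version(&h);
    for (size_t i = 0; i < sizeof(h.next_field); i++)
        if (h.next_field[i] != 0xAA)
            return 0;
    return version_ok(&h);
}

int main(void)
{
    printf("strcpy would write %zu bytes into a %zu-byte field\n",
           strcpy_bytes(CHARSET_V), sizeof(((struct demo_header *)0)->version));
    printf("bounded copy leaves neighbour intact: %d\n", neighbour_intact_after_set());
    return 0;
}
```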