Solar Designer

In https://github.com/openwall/john/issues/5350#issuecomment-1677292579 @Drax4545 clarified this issue/sample is v1.

@the-Chain-Warden-thresh Is this part of a research project on finding embedded copies of code with previously known bugs? A paper upcoming? This CVE description is: ``` Integer overflow in the...

Upstream fix: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07

> Here's a fix: [...] ...but I don't want to commit it until I understand why NT doesn't have any problems with the current code. Do we really want to...

It's really great to see you back, @magnumripper! > I guess we should implement that fix. Since the fix is yours, would you be the one to commit it, please?...

@magnumripper I think you picked a wrong example. I intentionally chose "Summer" and not the numbers, etc. For the numbers, etc., we assume we also have rules that test shorter...

I'm afraid this got beyond the complexity level that I currently have time to fully consider. :-( So I'll add just one comment: in the "Summer" case, we might or...

@magnumripper Probably yes, assuming you have no time to properly test it and fix whatever needs fixing.

@magnumripper The changes you made per this issue that are still not reverted remain problematic. Specifically, your uses of the `a` command are reasonable for `--max-length`, but are unreasonable for...

@Dmc020 Have you actually tried using that other tool? My expectation is that either it will have just as many false positives as we do after this fix you found...