
Thread: patch for crunch.c

  1. #1
    Senior Member MikeCa's Avatar
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129

    Default patch for crunch.c

    There exists a bug in crunch version 1.8 where junk characters from memory will be output because of improper string initialization.

    For example: ./crunch 1 1 abcdefghijklmnopqrstuvwxyz0123456789 will output 37 lines, the last one being junk from memory. The problem exists with any length of output chosen. If you modify the charset then sometimes memory will be initialized in a way that this issue won't be seen (for example, calloc might jump to memory a few bytes forward).

    Here is a patch:
    Code:
    --- crunch.c_orig	2010-01-26 16:16:50.000000000 -0600
    +++ crunch.c	2010-01-26 16:18:55.000000000 -0600
    @@ -272,7 +272,7 @@
     FILE *optr;        /* ptr to output file */
     errno=0;
     
    -  block = (char*) calloc(end,sizeof(char)); /* block can't be bigger than max size */
    +  block = (char*) calloc(end+1,sizeof(char)); /* block can't be bigger than max size */
       if (block == NULL) {
         printf("crunch: can't allocate memory for block\n");
         exit(EXIT_FAILURE);
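
    Review bot: The comment on the changed calloc line still reads "block can't be bigger than max size" and does not explain why the size is now end+1; state that the extra byte holds the terminating NUL so a later cleanup does not remove it. The type of end is not visible in this hunk, so it is also worth confirming that end+1 cannot wrap for the largest maximum length the program accepts.
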
    @@ -492,7 +492,7 @@
       }
     
       if ((argc >= 4) && (strncmp(argv[3],"-",1) != 0)) { /*test for ./crunch 1 2 -? */
    -    charset = (char*) calloc(strlen(argv[3]),sizeof(char)); /* user specified charset */
    +    charset = (char*) calloc(strlen(argv[3])+1,sizeof(char)); /* user specified charset */
         if (charset == NULL) {
           printf("crunch: can't allocate memory for charset\n");
           return -1;
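
    Review bot: On the changed charset line, the code that copies argv[3] into charset lies outside this hunk, so the fix holds only if that copy writes at most strlen(argv[3]) bytes and leaves the zeroed final byte alone; please confirm, or compute the length once into a variable and use it for both the allocation and the copy. Minor: this failure path uses return -1 while the block allocation in the first hunk calls exit(EXIT_FAILURE); one convention would be easier to follow.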

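The missing-terminator bug described in post #1, as an added example that is not crunch's code or part of the original post: a small array stands in for the heap so that reading past the block stays in bounds. `fake_calloc`, `visible_length` and the arena are hypothetical names for this illustration; it shows why the junk appears with `calloc(n)`, disappears with `calloc(n+1)`, and is sometimes hidden when the neighbouring byte happens to be zero.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64

/* Simulated heap: one array, so scanning past a "block" is still defined. */
static char arena[ARENA_SIZE];

/* Mimic calloc(count, 1) at the start of the arena: the block is zeroed,
 * the bytes after it keep whatever was there before (here: 'neighbour'). */
static char *fake_calloc(size_t count, char neighbour)
{
    memset(arena, neighbour, ARENA_SIZE);
    arena[ARENA_SIZE - 1] = '\0';   /* hard stop so every scan terminates */
    memset(arena, 0, count);
    return arena;
}

/* Copy src into a block of strlen(src) + extra bytes and return the length
 * that string functions such as strlen or printf("%s") would see afterwards.
 * extra = 0 models the original allocation, extra = 1 the patched one. */
size_t visible_length(const char *src, size_t extra, char neighbour)
{
    size_t n = strlen(src);
    if (n + extra >= ARENA_SIZE)
        return 0;                   /* sample does not fit the toy arena */
    char *block = fake_calloc(n + extra, neighbour);
    memcpy(block, src, n);          /* characters only, no terminator copied */
    return strlen(block);
}

int main(void)
{
    const char *cs = "abcdefghijklmnopqrstuvwxyz0123456789"; /* 36 chars */
    printf("calloc(n),   dirty neighbour: %zu\n", visible_length(cs, 0, '#'));
    printf("calloc(n+1), dirty neighbour: %zu\n", visible_length(cs, 1, '#'));
    printf("calloc(n),   zero neighbour:  %zu\n", visible_length(cs, 0, '\0'));
    return 0;
}
```
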
  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default Re: patch for crunch.c

    Cool, I'll review, test and add it.

  3. #3
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default Re: patch for crunch.c

    How odd I missed that. The patch works for me and I have applied it to my copy. I have also made a slight improvement to crunch. There are two permute functions and I was able to get it down to one. This post has led me to do some additional tests and I found a few more minor problems. Pureh@te can add the patch and deploy it while I continue to work on these bugs.

    Thanks,
    I like the bleeding edge, but I don't like blood loss

  4. #4
    Senior Member MikeCa's Avatar
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129

    Default Re: patch for crunch.c

    Rock on, thanks for the work bofh28.

  5. #5
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default Re: patch for crunch.c

    Please link me to the sources you used to patch. I can not seem to make it apply to the source I have in the repo.


    EDIT: So looks like 1.8 is the latest version but I can not get the patch to apply. Can you show me what -p option you are using or just the whole command rather?
    Last edited by purehate; 01-27-2010 at 06:37 AM.

  6. #6
    Senior Member MikeCa's Avatar
    Join Date
    Jan 2010
    Location
    DC
    Posts
    129

    Default Re: patch for crunch.c

    Oops, I pasted the diff, not the patch. This should work (cd /pentest/passwords/crunch && patch -p1 -i crunch.patch):

    Code:
    diff -crB crunch/crunch.c crunch2/crunch.c
    *** crunch/crunch.c	2010-01-26 16:16:50.000000000 -0600
    --- crunch2/crunch.c	2010-01-26 22:31:33.000000000 -0600
    ***************
    *** 272,278 ****
      FILE *optr;        /* ptr to output file */
      errno=0;
      
    !   block = (char*) calloc(end,sizeof(char)); /* block can't be bigger than max size */
        if (block == NULL) {
          printf("crunch: can't allocate memory for block\n");
          exit(EXIT_FAILURE);
    --- 272,278 ----
      FILE *optr;        /* ptr to output file */
      errno=0;
      
    !   block = (char*) calloc(end+1,sizeof(char)); /* block can't be bigger than max size */
        if (block == NULL) {
          printf("crunch: can't allocate memory for block\n");
          exit(EXIT_FAILURE);
    ***************
    *** 492,498 ****
        }
      
        if ((argc >= 4) && (strncmp(argv[3],"-",1) != 0)) { /*test for ./crunch 1 2 -? */
    !     charset = (char*) calloc(strlen(argv[3]),sizeof(char)); /* user specified charset */
          if (charset == NULL) {
            printf("crunch: can't allocate memory for charset\n");
            return -1;
    --- 492,498 ----
        }
      
        if ((argc >= 4) && (strncmp(argv[3],"-",1) != 0)) { /*test for ./crunch 1 2 -? */
    !     charset = (char*) calloc(strlen(argv[3])+1,sizeof(char)); /* user specified charset */
          if (charset == NULL) {
            printf("crunch: can't allocate memory for charset\n");
            return -1;
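
    Review bot: The context lines in both hunks include whitespace-only lines (after errno=0; and after the closing brace), and the file header lines carry tabs, so the patch applies only if that whitespace survives copy and paste from the post. Attaching crunch.patch as a file, or applying with patch -l to ignore whitespace differences, would make it more robust.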

  7. #7
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default Re: patch for crunch.c

    Sorry, feel like the answer should be right in front of me, but patching isn't working for me...

    /pentest/passwords/crunch# patch -p1 -i crunch.patch

    Code:
    patching file crunch.c
    Hunk #1 FAILED at 272.
    Hunk #2 FAILED at 492.
    2 out of 2 hunks FAILED -- saving rejects to file crunch.c.rej
    Thanks in advance.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  8. #8
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default Re: patch for crunch.c

    I have applied the patch to the package in the repo so just hang on a day or so for the update

  9. #9
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    1

    Default Re: patch for crunch.c

    How could I get a file from crunch with words of 24 char without an n number of repeated char, for ex. not a word like aaaabbbbccccddddddeeeeee? crunch generates a lot of non-useful words like aaaaaaaaaaaaaaaaaaaaaaaa.

  10. #10
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Default Re: patch for crunch.c

    You can't. crunch will generate every combination of letters that you specify. You could try the -p option, which will generate permutations instead of combinations, but it only generates words the length of the character set, i.e. if you use the lower case alphabet for the English language that is 26 characters, so the length of the resulting words will also be 26. I am not sure it is possible to do permutations that are shorter than the input character set.
    I like the bleeding edge, but I don't like blood loss
