Sometime on Apr 12, Varun Varma assembled some asciibets to say:
second parameter to MD5_Update is a string, and third parameter is the length of the string.
Isn't it supposed to be void *? Even if it is unsigned char *, the values being passed might be a typecasted struct.
Question is, do you know by knowledge that these are supposed to be strings, or is that based on observing output from ltrace?
It is based on three things.
1. Output of ltrace
2. Knowledge of algorithm used to generate MD5 passwords by pam
3. Assumption that yahoo would rather use a tried and tested secure technique, rather than make changes and risk it being insecure.
For the situation of encrypting the username, it could be a struct rather than just a string, but consider this:
struct { char sometext[49]; char username[?]; };
They have to specify some size for username, because they cannot use a char *. If they did, that would result in the address of username being hashed, and not the username itself.
If they do specify a fixed size, then they are letting themselves in for a buffer overflow attack if someone uses a username larger than the array size. Therefore, I doubt it is anything other than a plain string.
On a related note, I had succeeded in crashing other people's yahoo clients (official clients as well as alternative clients) using an implementation of conferencing in everybuddy. I cannot reproduce this now as I can no longer log in. That, and the people I tested with won't cooperate any more :)
yes, although it need not be zero terminated. The string length is passed as third parameter, and need not always be the same as the actual length of the string.
strlen won't work on anything but null terminated strings. You've shown using strlen as the third parameter, and that won't work unless
no, that was symbolic. The strlen function needn't be used there, it may be an absolute integer (in some cases it is).
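Added example, not part of the original message and not code from Yahoo or pam: it works through the struct argument above, showing that hashing a struct holding a char * covers the address, while a fixed-size array hashes the name itself but needs a length check on copy. Assumptions: hash_bytes is an FNV-1a stand-in for a (data, length) hash update such as MD5_Update, USERNAME_SIZE replaces the "?" in the struct, and all other names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PREFIX_LEN 49     /* from the struct in the message */
#define USERNAME_SIZE 32  /* assumed; the message leaves the size as '?' */

/* Stand-in for a (data, len) hash update: FNV-1a over exactly len bytes.
   This is NOT MD5; it only keeps the example free of library dependencies. */
static uint32_t hash_bytes(const void *data, size_t len) {
    const unsigned char *p = data;
    uint32_t h = 2166136261u;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

struct by_pointer { char sometext[PREFIX_LEN]; char *username; };
struct by_array   { char sometext[PREFIX_LEN]; char username[USERNAME_SIZE]; };

/* With a char * member the hashed bytes contain the address, so the same
   name stored at two different addresses gives two different digests. */
int pointer_struct_hash_depends_on_address(void) {
    char a[] = "alice", b[] = "alice";   /* constructed sample input */
    struct by_pointer x, y;
    memset(&x, 0, sizeof x); memset(&y, 0, sizeof y);
    x.username = a; y.username = b;
    return hash_bytes(&x, sizeof x) != hash_bytes(&y, sizeof y);
}

/* Bounded copy into the fixed array: returns -1 instead of overflowing
   when the name (plus terminator) does not fit. */
int set_username(struct by_array *s, const char *name) {
    size_t n = strlen(name);
    if (n >= sizeof s->username) return -1;
    memset(s->username, 0, sizeof s->username);
    memcpy(s->username, name, n);
    return 0;
}

/* With the array member the name's bytes are inside the struct, so the
   digest is the same wherever the source string happened to live. */
int array_struct_hash_is_stable(void) {
    char a[] = "alice", b[] = "alice";   /* constructed sample input */
    struct by_array x, y;
    memset(&x, 0, sizeof x); memset(&y, 0, sizeof y);
    if (set_username(&x, a) || set_username(&y, b)) return 0;
    return hash_bytes(&x, sizeof x) == hash_bytes(&y, sizeof y);
}
```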