Single bit errors in the database

Anonymous
2006-11-04
2012-09-17
  • Anonymous - 2006-11-04

    I changed a single bit in the database file, basically to see if there is any authentication. After entering the password PasswordSafe then proceeds to use all the memory and hog the processor. I had to reboot the PC!

     
    • Rony Shapiro

      Rony Shapiro - 2006-11-05

      So obviously there is authentication, but the reaction to authentication failure is perhaps a bit too drastic...

      Seriously:
      1. One of the features added to the 3.x database format is integrity verification of the data. This is done, however, on the plaintext, not the encrypted data.
      2. Therefore, a single bit flip on the encrypted data has a good chance of causing a crash. What most likely happened is that you've caused the field containing the size of a record to change into a random (and probably huge) value. The application tried to allocate the Megabytes of memory that would be needed to read such a field, resulting in the "freeze" you saw.
      3. Future versions will have more sanity checks on the input, making such crashes less likely.

      Thanks,

        Rony
      
       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks