Question

C programming: DES decryption. Why am I segfaulting?

Answer 1

/**************************************
* Decrypts DES-encrypted passwords. *
**************************************/

#include <stdio.h>
#include <string.h>
#include <crypt.h>
#include <unistd.h>

#define _X_OPENSOURCE

// a dict about about 100,000 words
#define DICTIONARY "lwords"

// maximum word size in the dictionary
char key[46];

int main(int argc, char* argv[])
{
// check correct usage
if (argc != 2)
{
printf("Usage: ./crack \"password\"\n");
return 1;
}

// make cla cyphertext and the first two chars the salt
char* ctext = argv[1];
char salt[2] = {ctext[0], ctext[1]};

// open dictionary and error check
FILE* dict = fopen(DICTIONARY, "r");
if (dict == NULL)
{
printf("Could not open dictionary\n");
return 2;
}

// so long as the file hasn't ended
while (!feof(dict))
{
// get each word
fgets(key, 46, dict);

// replace newline char with null terminator
int i = 0;
while (key[++i] != '\n');
key[i] = '\0';

// compare this encrypted word with the ciphertext
if (strcmp(crypt(key, salt), ctext) == 0)
{
// print password if found
printf("%s\n", key);
return 0;
}
}
// otherwise, no dice
printf("Could not crack\n");

return 0;
}

Answer 2

Tthis just checks to see if the password is in the dictionary, so it's not too strong obviously. Thing is, it works fine if the keyword is at the beginning of the dict, but once I get to the end of the dictionary without finding the word (into the z's) it segfaults according to the coredump. Even stranger, when I use gdb to run through it it does NOT segfault. Also, I tried it with a much smaller dictionary and again, it still segfaults in the z's, despite the dramatically smaler dict. It does not segfault on the very last work in either dict, just towards it. This makes zero sense to me, any help?

Answer 3

So none of the words in the dictionary exceed the max size? See, if one os longer, it will read the 46... but does it put a null/newline on there?

Answer 4

Also, the last line in the file, is it a blank line with the null, or the last entry? That could make the final newline not exist.

So there are two random thoughts.

Answer 5

char salt[2] = {ctext[0], ctext[1]};

FWIW, if salt were used as a string, there's no terminating character. Also, would ctext[?] need a derefernce in this statement?

Answer 6

Though I actualy figured it out not long after posting , @e.mccormick spotted the problem, I was looking for a newline character at the end of the file that didn't exist. IN case you;'re curious, my problem was solved by this simple change:

// replace newline char with null terminator
int i = 0;
while (key[++i] != '\n');
key[i] = '\0';

to

// replace newline char with null terminator
int i = 0;
while (key[++i] != '\0');
key[i - 1] = '\0';

Answer 7

Well, a segfault is usually caused by something going too far. So conceptually the thing to look at is what is triggering the stopping.

Answer 8

Yes, that was the problem. As I said above, the line while (key[++i] != '\n'); keeps looking for a newline character, which doesn't occur in the last word in the dictionary, so I was going beyond the end of the text file.