From 0063bc7245748de118cfa04b9d933cf77132a603 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 21 Aug 2019 14:57:41 +0200
Subject: [PATCH] Fix uninitialized buffer in maskfile iteration
---
 include/types.h | 8 ++++----
 src/mpsp.c | 23 +++++++++++++----------
 2 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/include/types.h b/include/types.h
index 0bc8ac636..0f754aa71 100644
--- a/include/types.h
+++ b/include/types.h
@@ -2046,12 +2046,12 @@ typedef struct mask_ctx
 {
 bool enabled;
- cs_t mp_sys[8];
- cs_t mp_usr[4];
+ cs_t *mp_sys;
+ cs_t *mp_usr;
 u64 bfs_cnt;
- cs_t css_buf[256];
+ cs_t *css_buf;
 u32 css_cnt;
 hcstat_table_t *root_table_buf;
@@ -2067,7 +2067,7 @@ typedef struct mask_ctx
 u32 masks_cnt;
 u32 masks_avail;
- char *mask;
+ char *mask;
 mf_t *mfs;
diff --git a/src/mpsp.c b/src/mpsp.c
index fc85a31e1..f69f14fba 100644
--- a/src/mpsp.c
+++ b/src/mpsp.c
@@ -364,6 +364,8 @@ static int mp_gen_css (hashcat_ctx_t *hashcat_ctx, char *mask_buf, size_t mask_l
 {
 const user_options_t *user_options = hashcat_ctx->user_options;
+ memset (css_buf, 0, 256 * sizeof (cs_t));
+
 size_t mask_pos;
 size_t css_pos;
@@ -1182,6 +1184,7 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 user_options_extra_t *user_options_extra = hashcat_ctx->user_options_extra;
 user_options_t *user_options = hashcat_ctx->user_options;
+
 if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
 {
 if (user_options->attack_mode == ATTACK_MODE_COMBI)
@@ -1196,8 +1199,6 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx_parse_maskfile (hashcat_ctx) == -1) return -1;
- //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
-
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
 u32 uniq_tbls[SP_PW_MAX][CHARSIZ] = { { 0 } };
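Review bot: Turning `mp_sys[8]`, `mp_usr[4]` and `css_buf[256]` into bare pointers silently changes the meaning of any `sizeof (mask_ctx->css_buf)` (or `sizeof` on the other two) elsewhere in the tree from the array size to the pointer size, and the struct no longer records how many elements each field points to. Nothing in this hunk says who allocates these or how large they are, so a reader of types.h has to find mask_ctx_init to learn the bounds. I would comment the three fields, e.g. `cs_t *css_buf; // 256 entries, owned by mask_ctx_init/mask_ctx_destroy`, and name the counts once (something like `MP_SYS_CNT`, `MP_USR_CNT`, `CSS_BUF_CNT`) so the allocations and the memset in mp_gen_css share one definition. The struct mask_ctx starts and ends outside the hunk.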
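Review bot: The new `memset (css_buf, 0, 256 * sizeof (cs_t));` hard-codes the buffer size inside a function that receives `css_buf` only as a pointer, so the zeroing is in bounds solely because mask_ctx_init happens to allocate exactly 256 entries; any other caller, or a later change to that allocation, turns this line into an out-of-bounds write with no compiler help. I would either pass the element count explicitly alongside `css_buf` or, at minimum, tie both sites to one named constant and state the contract at the memset: `// css_buf must hold CSS_BUF_CNT (256) entries, allocated in mask_ctx_init`. Whether `css_pos` is bounded against that same 256 further down is not visible here and is worth confirming once the constant exists. mp_gen_css's body continues outside the hunk.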
@@ -1221,8 +1222,6 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx_parse_maskfile (hashcat_ctx) == -1) return -1;
- //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
-
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
 u32 uniq_tbls[SP_PW_MAX][CHARSIZ] = { { 0 } };
@@ -1252,8 +1251,6 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (user_options->attack_mode == ATTACK_MODE_BF) // always true
 {
- //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
-
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
 // special case for benchmark
@@ -1372,6 +1369,12 @@ int mask_ctx_init (hashcat_ctx_t *hashcat_ctx)
 mask_ctx->enabled = true;
+ mask_ctx->mp_sys = (cs_t *) hccalloc (8, sizeof (cs_t));
+ mask_ctx->mp_usr = (cs_t *) hccalloc (4, sizeof (cs_t));
+
+ mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
+ mask_ctx->css_cnt = 0;
+
 mask_ctx->root_table_buf = (hcstat_table_t *) hccalloc (SP_ROOT_CNT, sizeof (hcstat_table_t));
 mask_ctx->markov_table_buf = (hcstat_table_t *) hccalloc (SP_MARKOV_CNT, sizeof (hcstat_table_t));
@@ -1380,9 +1383,6 @@ int mask_ctx_init (hashcat_ctx_t *hashcat_ctx)
 mask_ctx->root_css_buf = (cs_t *) hccalloc (SP_PW_MAX, sizeof (cs_t));
 mask_ctx->markov_css_buf = (cs_t *) hccalloc (SP_PW_MAX * CHARSIZ, sizeof (cs_t));
- mask_ctx->css_cnt = 0;
- //mask_ctx->css_buf = NULL;
-
 mask_ctx->mask_from_file = false;
 mask_ctx->masks = NULL;
@@ -1646,7 +1646,10 @@ void mask_ctx_destroy (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx->enabled == false) return;
- //hcfree (mask_ctx->css_buf);
+ hcfree (mask_ctx->mp_sys);
+ hcfree (mask_ctx->mp_usr);
+
+ hcfree (mask_ctx->css_buf);
 hcfree (mask_ctx->root_css_buf);
 hcfree (mask_ctx->markov_css_buf);
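Review bot: The three new `hccalloc` results in mask_ctx_init are stored without a check, and the element counts 8, 4 and 256 are literals copied from the old array declarations and from the memset in mp_gen_css, so nothing keeps the three sites in agreement. If `hccalloc` aborts on failure (a project wrapper may; its definition is not visible here) the missing check is acceptable but should be stated once, e.g. `// hccalloc never returns NULL (aborts on OOM)`; otherwise mask_ctx_update_loop will hand a NULL `css_buf` to mp_gen_css, whose memset dereferences it. Either way I would replace the literals with named counts so init, the memset and the header agree by construction. mask_ctx_init's body continues outside the hunk.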
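Review bot: mask_ctx_destroy frees `mp_sys`, `mp_usr` and `css_buf` but leaves the pointers dangling in the context while `enabled` stays true, so a second destroy or any later read of the context is a double free or use-after-free rather than a harmless `hcfree (NULL)`. Following each `hcfree (mask_ctx->X);` with `mask_ctx->X = NULL;` for the three new fields costs three lines and matches the intent of the `//mask_ctx->css_buf = NULL;` that this commit removes from init. I cannot tell from this hunk whether destroy is ever re-entered, so treat this as hardening. mask_ctx_destroy's body continues outside the hunk.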