arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-21 23:58:07 +00:00
Code Issues Releases Wiki Activity

Fixed stack buffer overflow in PKZIP modules (17200, 17210, 17220, 17225, 17230)

Browse Source
This commit is contained in:
Gabriele Gristina 2024-10-26 13:24:00 +02:00
parent 6716447dfc
commit 0788fd9ae7
6 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/changes.txt
View File

@ -98,6 +98,7 @@
- Fixed minimum password length in module of hash-mode 28200
- Fixed minimum password length in module of hash-mode 29800
- Fixed out-of-boundary read when a fast hash defines a kernel_loops_min value higher than the amplifiers provided by the user
- Fixed stack buffer overflow in PKZIP modules (17200, 17210, 17220, 17225, 17230)
- Fixed vector datatypes usage for HIP
- Fix missing check for -j and -k before writing hashcat.dictstat2 which can lead to false negatives
- Handle signed/unsigned PDF permission P value for all PDF hash-modes

9
src/modules/module_17200.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -206,9 +207,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -318,6 +321,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[2] = 0;
digest[3] = 0;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17210.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -186,9 +187,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -297,6 +300,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[2] = 0;
digest[3] = 0;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17220.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -206,9 +207,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -314,6 +317,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17225.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -207,9 +208,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -315,6 +318,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17230.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -199,9 +200,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -308,6 +311,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}