Fix buffer overflow in status_get_hash_target()

8 years ago · 0a26b09684
parent a460ab01b6
commit 0a26b09684
2 changed files with 11 additions and 3 deletions
--- a/src/hashes.c
+++ b/src/hashes.c
@ -226,7 +226,9 @@ void check_hash (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, pl

  // hash

-  char out_buf[HCBUFSIZ_LARGE] = { 0 };
+  char out_buf[HCBUFSIZ_LARGE];
+
+  out_buf[0] = 0;

  ascii_digest (hashcat_ctx, out_buf, salt_pos, digest_pos);

--- a/src/status.c
+++ b/src/status.c
@ -269,11 +269,17 @@ char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
    }
    else
    {
-      char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY);
+      char *tmp_buf = (char *) malloc (HCBUFSIZ_LARGE);
+
+      tmp_buf[0] = 0;

      ascii_digest ((hashcat_ctx_t *) hashcat_ctx, tmp_buf, 0, 0);

-      return tmp_buf;
+      char *tmp_buf2 = strdup (tmp_buf);
+
+      free (tmp_buf);
+
+      return tmp_buf2;
    }
  }
  else