From 0a26b09684b44eddd62d4f298c59fd7378496a4f Mon Sep 17 00:00:00 2001
From: jsteube <jens.steube@gmail.com>
Date: Wed, 19 Oct 2016 13:51:06 +0200
Subject: [PATCH] Fix buffer overflow in status_get_hash_target()

---
 src/hashes.c |  4 +++-
 src/status.c | 10 ++++++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/hashes.c b/src/hashes.c
index 681c1fc3c..3ff91e0de 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -226,7 +226,9 @@ void check_hash (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, pl
 
   // hash
 
-  char out_buf[HCBUFSIZ_LARGE] = { 0 };
+  char out_buf[HCBUFSIZ_LARGE];
+
+  out_buf[0] = 0;
 
   ascii_digest (hashcat_ctx, out_buf, salt_pos, digest_pos);
 
diff --git a/src/status.c b/src/status.c
index febd2f8cd..d79cd3505 100644
--- a/src/status.c
+++ b/src/status.c
@@ -269,11 +269,17 @@ char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
     }
     else
     {
-      char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY);
+      char *tmp_buf = (char *) malloc (HCBUFSIZ_LARGE);
+
+      tmp_buf[0] = 0;
 
       ascii_digest ((hashcat_ctx_t *) hashcat_ctx, tmp_buf, 0, 0);
 
-      return tmp_buf;
+      char *tmp_buf2 = strdup (tmp_buf);
+
+      free (tmp_buf);
+
+      return tmp_buf2;
     }
   }
   else