1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-25 09:28:20 +00:00

Fixed a host buffer overflow bug when copying rules from host to device

This commit is contained in:
wizardsd 2024-11-07 12:47:36 +03:00
parent 6716447dfc
commit 0ba76629c0

View File

@ -9817,8 +9817,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
u32 aligned_rules_cnt = MAX (MAX (straight_ctx->kernel_rules_cnt, device_param->kernel_loops_min), KERNEL_RULES); u32 aligned_rules_cnt = MAX (MAX (straight_ctx->kernel_rules_cnt, device_param->kernel_loops_min), KERNEL_RULES);
u64 size_rules = (u64) aligned_rules_cnt * sizeof (kernel_rule_t); u64 size_rules = (u64) aligned_rules_cnt * sizeof (kernel_rule_t);
u64 size_rules_c = (u64) KERNEL_RULES * sizeof (kernel_rule_t); u64 size_rules_src = (u64) straight_ctx->kernel_rules_cnt * sizeof (kernel_rule_t); // size of source rules buffer can be less than aligned_rules_cnt
u64 size_rules_c = (u64) KERNEL_RULES * sizeof (kernel_rule_t);
device_param->size_rules = size_rules; device_param->size_rules = size_rules;
device_param->size_rules_c = size_rules_c; device_param->size_rules_c = size_rules_c;
@ -10872,7 +10873,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
if (hc_cuMemAlloc (hashcat_ctx, &device_param->cuda_d_rules_c, size_rules_c) == -1) return -1; if (hc_cuMemAlloc (hashcat_ctx, &device_param->cuda_d_rules_c, size_rules_c) == -1) return -1;
} }
if (hc_cuMemcpyHtoDAsync (hashcat_ctx, device_param->cuda_d_rules, straight_ctx->kernel_rules_buf, size_rules, device_param->cuda_stream) == -1) return -1; if (hc_cuMemcpyHtoDAsync (hashcat_ctx, device_param->cuda_d_rules, straight_ctx->kernel_rules_buf, size_rules_src, device_param->cuda_stream) == -1) return -1;
} }
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI) else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{ {
@ -10983,7 +10984,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
if (hc_hipMemAlloc (hashcat_ctx, &device_param->hip_d_rules_c, size_rules_c) == -1) return -1; if (hc_hipMemAlloc (hashcat_ctx, &device_param->hip_d_rules_c, size_rules_c) == -1) return -1;
} }
if (hc_hipMemcpyHtoDAsync (hashcat_ctx, device_param->hip_d_rules, straight_ctx->kernel_rules_buf, size_rules, device_param->hip_stream) == -1) return -1; if (hc_hipMemcpyHtoDAsync (hashcat_ctx, device_param->hip_d_rules, straight_ctx->kernel_rules_buf, size_rules_src, device_param->hip_stream) == -1) return -1;
} }
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI) else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{ {
@ -11100,7 +11101,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
if (hc_mtlCreateBuffer (hashcat_ctx, device_param->metal_device, size_rules, NULL, &device_param->metal_d_rules) == -1) return -1; if (hc_mtlCreateBuffer (hashcat_ctx, device_param->metal_device, size_rules, NULL, &device_param->metal_d_rules) == -1) return -1;
if (hc_mtlCreateBuffer (hashcat_ctx, device_param->metal_device, size_rules_c, NULL, &device_param->metal_d_rules_c) == -1) return -1; if (hc_mtlCreateBuffer (hashcat_ctx, device_param->metal_device, size_rules_c, NULL, &device_param->metal_d_rules_c) == -1) return -1;
if (hc_mtlMemcpyHtoD (hashcat_ctx, device_param->metal_command_queue, device_param->metal_d_rules, 0, straight_ctx->kernel_rules_buf, size_rules) == -1) return -1; if (hc_mtlMemcpyHtoD (hashcat_ctx, device_param->metal_command_queue, device_param->metal_d_rules, 0, straight_ctx->kernel_rules_buf, size_rules_src) == -1) return -1;
} }
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI) else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{ {
@ -11194,7 +11195,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
if (hc_clCreateBuffer (hashcat_ctx, device_param->opencl_context, CL_MEM_READ_ONLY, size_rules, NULL, &device_param->opencl_d_rules) == -1) return -1; if (hc_clCreateBuffer (hashcat_ctx, device_param->opencl_context, CL_MEM_READ_ONLY, size_rules, NULL, &device_param->opencl_d_rules) == -1) return -1;
if (hc_clCreateBuffer (hashcat_ctx, device_param->opencl_context, CL_MEM_READ_ONLY, size_rules_c, NULL, &device_param->opencl_d_rules_c) == -1) return -1; if (hc_clCreateBuffer (hashcat_ctx, device_param->opencl_context, CL_MEM_READ_ONLY, size_rules_c, NULL, &device_param->opencl_d_rules_c) == -1) return -1;
if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_rules, CL_FALSE, 0, size_rules, straight_ctx->kernel_rules_buf, 0, NULL, NULL) == -1) return -1; if (hc_clEnqueueWriteBuffer (hashcat_ctx, device_param->opencl_command_queue, device_param->opencl_d_rules, CL_FALSE, 0, size_rules_src, straight_ctx->kernel_rules_buf, 0, NULL, NULL) == -1) return -1;
} }
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI) else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{ {