1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-23 07:08:19 +00:00

Fixed a parser error in multiple modes not checking for return code, resulting in negative memory index writes

This commit is contained in:
jsteube 2017-09-04 15:53:13 +02:00
parent 8b0e7087c7
commit 0dfe015301
2 changed files with 40 additions and 3 deletions

View File

@ -30,6 +30,7 @@
- Fixed an integer overflow in masks not skipped when loaded from file
- Fixed an integer overflow in hash buffer size calculation
- Fixed a parser error for mode -m 9820 = MS Office <= 2003 $3, SHA1 + RC4, collider #2
- Fixed a parser error in multiple modes not checking for return code, resulting in negative memory index writes
- Fixed a problem with changed current working directory, for instance by using --restore together with --remove
- Fixed a problem with the conversion to the $HEX[] format: convert/hexify also all passwords of the format $HEX[]
- Fixed the calculation of device_name_chksum; should be done for each iteration

View File

@ -2975,6 +2975,8 @@ int netscreen_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
// max. salt length: 55 (max for MD5) - 22 (":Administration Tools:") - 1 (0x80) = 32
// 32 - 4 bytes (to fit w0lr for all attack modes) = 28
@ -3913,6 +3915,8 @@ int md5s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSE
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > 64) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
@ -4704,6 +4708,8 @@ int ipb2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSE
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > 64) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
@ -4868,6 +4874,8 @@ int sha1sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
return (PARSER_OK);
@ -8101,7 +8109,9 @@ int opencart_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if ((salt_len != 9) || (salt_len == UINT_MAX)) return (PARSER_SALT_LENGTH);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len != 9) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
@ -10296,6 +10306,8 @@ int redmine_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len != 32) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
@ -10335,6 +10347,8 @@ int punbb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS
salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len != 12) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
@ -11247,6 +11261,8 @@ int pbkdf2_sha256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
@ -11385,6 +11401,8 @@ int postgresql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
user_len = parse_and_store_salt (salt_buf_ptr + 4, user_pos, user_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt->salt_len = 4 + user_len;
return (PARSER_OK);
@ -11442,6 +11460,8 @@ int mysql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
return (PARSER_OK);
@ -11589,6 +11609,8 @@ int bitcoin_wallet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, M
const u32 salt_len = parse_and_store_salt (salt_buf_ptr, cry_salt_buf_pos, cry_salt_buf_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
return (PARSER_OK);
@ -12386,6 +12408,8 @@ int pbkdf2_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
@ -12468,6 +12492,8 @@ int pbkdf2_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYB
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
@ -12555,6 +12581,8 @@ int pbkdf2_sha512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len > (128 - 16)) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
@ -14796,6 +14824,8 @@ int itunes_backup_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt->salt_len = salt_len;
// dpsl
@ -15161,6 +15191,8 @@ int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_
u32 salt_len = parse_and_store_salt (salt_buf_ptr, tmp_buf, 16, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
if (salt_len != 16) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
@ -15428,6 +15460,8 @@ int ethereum_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
salt_buf_ptr[salt_len + 3] = 0x01;
salt_buf_ptr[salt_len + 4] = 0x80;
@ -15566,6 +15600,8 @@ int ethereum_scrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
// salt
salt->salt_buf[0] = ethereum_scrypt->salt_buf[0];
@ -16438,7 +16474,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
memcpy (ptr, tmp, salt_len);
}
u32 memset_size = ((48 - (int) salt_len) > 0) ? (48 - salt_len) : 0;
u32 memset_size = ((SALT_MAX - (int) salt_len) > 0) ? (SALT_MAX - salt_len) : 0;
memset (ptr + salt_len, 0, memset_size);
@ -16459,7 +16495,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
char tmp_buf[1024] = { 0 };
char *ptr_plain = (char *) out_buf_plain;
u8 *ptr_salt = (u8 *) out_buf_salt;
u8 *ptr_salt = (u8 *) out_buf_salt;
if (hash_mode == 22)
{