diff --git a/docs/changes.txt b/docs/changes.txt
index 0b86eec66..7021b9f83 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -30,6 +30,7 @@
 - Fixed an integer overflow in masks not skipped when loaded from file
 - Fixed an integer overflow in hash buffer size calculation
 - Fixed a parser error for mode -m 9820 = MS Office <= 2003 $3, SHA1 + RC4, collider #2
+- Fixed a parser error in multiple modes not checking for return code, resulting in negative memory index writes
 - Fixed a problem with changed current working directory, for instance by using --restore together with --remove
 - Fixed a problem with the conversion to the $HEX[] format: convert/hexify also all passwords of the format $HEX[]
 - Fixed the calculation of device_name_chksum; should be done for each iteration
diff --git a/src/interface.c b/src/interface.c
index 4f10acaa6..ceef6a9a9 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -2975,6 +2975,8 @@ int netscreen_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   // max. salt length: 55 (max for MD5) - 22 (":Administration Tools:") - 1 (0x80) = 32
   // 32 - 4 bytes (to fit w0lr for all attack modes) = 28
 
@@ -3913,6 +3915,8 @@ int md5s_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSE
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > 64) return (PARSER_SALT_LENGTH);
 
   salt->salt_len = salt_len;
@@ -4704,6 +4708,8 @@ int ipb2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSE
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > 64) return (PARSER_SALT_LENGTH);
 
   salt->salt_len = salt_len;
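Review bot: The new sentinel check `if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);` in netscreen_parse_hash carries no comment, and the same bare line recurs in every other interface.c hunk of this commit (md5s, ipb2, sha1sha1, opencart, redmine, punbb, the pbkdf2_* and ethereum_* parsers, postgresql_auth, mysql_auth, bitcoin_wallet, itunes_backup, atlassian). UINT_MAX is an in-band value of the u32 length that parse_and_store_salt returns (the bitcoin_wallet hunk assigns it to a `const u32`), and the meaning of that sentinel lives in the callee, so a one-line comment at each site such as `// parse_and_store_salt () reports failure as UINT_MAX; reject it before it reaches the index arithmetic below` would keep the intent readable without the changelog. If the project's style allows it, a small static inline helper that performs the call and the check would remove the repetition across these parsers. netscreen_parse_hash begins and ends outside the hunk.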
@@ -4868,6 +4874,8 @@ int sha1sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt->salt_len = salt_len;
 
   return (PARSER_OK);
@@ -8101,7 +8109,9 @@ int opencart_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
-  if ((salt_len != 9) || (salt_len == UINT_MAX)) return (PARSER_SALT_LENGTH);
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
+  if (salt_len != 9) return (PARSER_SALT_LENGTH);
 
   salt->salt_len = salt_len;
 
@@ -10296,6 +10306,8 @@ int redmine_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UN
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len != 32) return (PARSER_SALT_LENGTH);
 
   salt->salt_len = salt_len;
@@ -10335,6 +10347,8 @@ int punbb_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUS
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_buf, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len != 12) return (PARSER_SALT_LENGTH);
 
   salt->salt_len = salt_len;
@@ -11247,6 +11261,8 @@ int pbkdf2_sha256_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
 
   salt_buf_ptr[salt_len + 3] = 0x01;
@@ -11385,6 +11401,8 @@ int postgresql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
 
   user_len = parse_and_store_salt (salt_buf_ptr + 4, user_pos, user_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt->salt_len = 4 + user_len;
 
   return (PARSER_OK);
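Review bot: The added guard in postgresql_auth_parse_hash tests the wrong variable: the call directly above it stores its result in `user_len`, but the new line checks `salt_len`, so a failed parse_and_store_salt on the user part is never caught here and `salt->salt_len = 4 + user_len;` is computed from the UINT_MAX sentinel (which wraps to 3 in u32 arithmetic, leaving a bogus but "valid"-looking length). The line should read `if (user_len == UINT_MAX) return (PARSER_SALT_LENGTH);`. Whether salt_len is assigned from an earlier parse_and_store_salt call in this function cannot be seen from the hunk; if it is, that call needs its own check at its own site rather than this misplaced one. postgresql_auth_parse_hash begins outside the hunk.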
@@ -11442,6 +11460,8 @@ int mysql_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt->salt_len = salt_len;
 
   return (PARSER_OK);
@@ -11589,6 +11609,8 @@ int bitcoin_wallet_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, M
 
   const u32 salt_len = parse_and_store_salt (salt_buf_ptr, cry_salt_buf_pos, cry_salt_buf_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt->salt_len = salt_len;
 
   return (PARSER_OK);
@@ -12386,6 +12408,8 @@ int pbkdf2_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
 
   salt_buf_ptr[salt_len + 3] = 0x01;
@@ -12468,6 +12492,8 @@ int pbkdf2_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYB
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);
 
   salt_buf_ptr[salt_len + 3] = 0x01;
@@ -12555,6 +12581,8 @@ int pbkdf2_sha512_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len > (128 - 16)) return (PARSER_SALT_LENGTH);
 
   salt_buf_ptr[salt_len + 3] = 0x01;
@@ -14796,6 +14824,8 @@ int itunes_backup_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MA
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt->salt_len = salt_len;
 
   // dpsl
@@ -15161,6 +15191,8 @@ int atlassian_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_
 
   u32 salt_len = parse_and_store_salt (salt_buf_ptr, tmp_buf, 16, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   if (salt_len != 16) return (PARSER_SALT_LENGTH);
 
   salt_buf_ptr[salt_len + 3] = 0x01;
@@ -15428,6 +15460,8 @@ int ethereum_pbkdf2_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   salt_buf_ptr[salt_len + 3] = 0x01;
   salt_buf_ptr[salt_len + 4] = 0x80;
 
@@ -15566,6 +15600,8 @@ int ethereum_scrypt_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf,
 
   salt_len = parse_and_store_salt (salt_buf_ptr, salt_pos, salt_len, hashconfig);
 
+  if (salt_len == UINT_MAX) return (PARSER_SALT_LENGTH);
+
   // salt
 
   salt->salt_buf[0] = ethereum_scrypt->salt_buf[0];
@@ -16438,7 +16474,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
     memcpy (ptr, tmp, salt_len);
   }
 
-  u32 memset_size = ((48 - (int) salt_len) > 0) ? (48 - salt_len) : 0;
+  u32 memset_size = ((SALT_MAX - (int) salt_len) > 0) ? (SALT_MAX - salt_len) : 0;
 
   memset (ptr + salt_len, 0, memset_size);
 
@@ -16459,7 +16495,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
   char tmp_buf[1024] = { 0 };
 
   char *ptr_plain = (char *) out_buf_plain;
-  u8 *ptr_salt = (u8 *) out_buf_salt;
+  u8 *ptr_salt = (u8 *) out_buf_salt;
 
   if (hash_mode == 22)
   {
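Review bot: In ethereum_pbkdf2_parse_hash the new UINT_MAX check is the only bound in sight before `salt_buf_ptr[salt_len + 3] = 0x01;` and `salt_buf_ptr[salt_len + 4] = 0x80;`, whereas the sibling pbkdf2_md5/sha1/sha256/sha512 parsers touched by this commit also reject oversized salts with a line like `if (salt_len > (64 - 8)) return (PARSER_SALT_LENGTH);` before the same kind of write. If parse_and_store_salt does not already cap salt_len relative to the buffer salt_buf_ptr points into (not visible here), a salt close to that cap still lands the two marker bytes past the end of the buffer, so the sentinel check alone only removes the wrap-around case. A matching upper-bound check sized to that buffer, placed right after the UINT_MAX line, would bring this parser in line with its siblings. ethereum_pbkdf2_parse_hash begins and ends outside the hunk.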
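Review bot: The rewritten line in ascii_digest keeps the signed/unsigned mix of the original: the condition casts salt_len to int while the selected value subtracts the unsigned salt_len, so the one expression reads as two different comparisons. `u32 memset_size = (salt_len < SALT_MAX) ? (SALT_MAX - salt_len) : 0;` expresses the same clamp for every salt_len the int cast can represent, without the cast and without depending on int being wide enough. The memcpy just above copies salt_len bytes into ptr unconditionally, so the clamp only governs the zero padding; whether salt_len is bounded by SALT_MAX before that copy is not visible in the hunk. ascii_digest begins and ends outside the hunk.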