From 189bbb26610f061293b4ba2614c381f66e6bf1e8 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Wed, 19 Feb 2020 18:50:50 +0100 Subject: [PATCH] Fixed buffer overflow in mp_add_cs_buf() function --- docs/changes.txt | 1 + src/mpsp.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/docs/changes.txt b/docs/changes.txt index 96f832fdc..03fdd6679 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -73,6 +73,7 @@ ## - Fixed buffer overflow in build_plain() function +- Fixed buffer overflow in mp_add_cs_buf() function - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7 - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt - Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data diff --git a/src/mpsp.c b/src/mpsp.c index f3a7fc344..2ab211833 100644 --- a/src/mpsp.c +++ b/src/mpsp.c @@ -217,6 +217,13 @@ static int mp_add_cs_buf (hashcat_ctx_t *hashcat_ctx, const u32 *in_buf, size_t { const hashconfig_t *hashconfig = hashcat_ctx->hashconfig; + if (css_cnt == 256) + { + event_log_error (hashcat_ctx, "Invalid mask length."); + + return -1; + } + cs_t *cs = &css[css_cnt]; size_t css_uniq_sz = CHARSIZ * sizeof (u32);