Merge pull request #146 from gm4tr1x/master

Fixed some memory allocations and other small things
8 years ago · 20b0c23af1
parent 1d3795a3ab 076597fe01
commit 20b0c23af1
3 changed files with 212 additions and 64 deletions
--- a/include/types.h
+++ b/include/types.h
@ -578,6 +578,15 @@ typedef struct
 } seven_zip_t;
 typedef struct
 {
  u32  random[2];
  u32  hash[5];
  u32  salt[5];   // unused, but makes better valid check
  u32  iv[2];     // unused, but makes better valid check
 } psafe2_hdr;
 typedef struct
 {
  char *user_name;
@ -618,27 +627,27 @@ typedef struct
 typedef struct
 {
-  char          essid[36];
+  char essid[36];
-  unsigned char mac1[6];
+  u8   mac1[6];
-  unsigned char mac2[6];
+  u8   mac2[6];
-  unsigned char nonce1[32];
+  u8   nonce1[32];
-  unsigned char nonce2[32];
+  u8   nonce2[32];
-  unsigned char eapol[256];
+  u8   eapol[256];
-  int           eapol_size;
+  int  eapol_size;
-  int           keyver;
+  int  keyver;
-  unsigned char keymic[16];
+  u8   keymic[16];
 } hccap_t;
 typedef struct
 {
-  char     signature[4];
+  char signature[4];
-  u32 salt_buf[8];
+  u32  salt_buf[8];
-  u32 iterations;
+  u32  iterations;
-  u32 hash_buf[8];
+  u32  hash_buf[8];
 } psafe3_t;
--- a/src/oclHashcat.c
+++ b/src/oclHashcat.c
@ -10763,11 +10763,11 @@ int main (int argc, char **argv)
            uint hccap_size = sizeof (hccap_t);
-            char in[hccap_size];
+            char *in = (char *) mymalloc (hccap_size);
            while (!feof (fp))
            {
-              int n = fread (&in, hccap_size, 1, fp);
+              int n = fread (in, hccap_size, 1, fp);
              if (n != 1)
              {
@ -10826,6 +10826,8 @@ int main (int argc, char **argv)
            }
            fclose (fp);
            myfree (in);
          }
          else if (hash_mode == 3000)
          {
--- a/src/shared.c
+++ b/src/shared.c
@ -5108,9 +5108,7 @@ void handle_left_request_lm (pot_t *pot, uint pot_cnt, char *input_buf, int inpu
  uint user_len = input_len - 32;
-  char hash_output[user_len + 33];
+  char *hash_output = (char *) mymalloc (33);
  memset (hash_output, 0, sizeof (hash_output));
  memcpy (hash_output, input_buf, input_len);
@ -5134,6 +5132,8 @@ void handle_left_request_lm (pot_t *pot, uint pot_cnt, char *input_buf, int inpu
  format_output (out_fp, hash_output, NULL, 0, 0, NULL, 0);
  myfree (hash_output);
  if (weak_hash_found == 1) myfree (pot_right_ptr);
 }
@ -10096,17 +10096,10 @@ int psafe2_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
    exit (-1);
  }
  typedef struct
  {
    u32 random[2];
    u32 hash[5];
    u32 salt[5];   // unused, but makes better valid check
    u32 iv[2];     // unused, but makes better valid check
  } psafe2_hdr;
  psafe2_hdr buf;
  memset (&buf, 0, sizeof (psafe2_hdr));
  int n = fread (&buf, sizeof (psafe2_hdr), 1, fp);
  fclose (fp);
@ -17491,9 +17484,8 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  // work with a temporary copy of input_buf (s.t. we can manipulate it directly)
-  char temp_input_buf[input_len + 1];
+  char *temp_input_buf = (char *) mymalloc (input_len + 1);
  memset (temp_input_buf, 0, sizeof (temp_input_buf));
  memcpy (temp_input_buf, input_buf, input_len);
  // URI_server:
@ -17502,177 +17494,307 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  char *URI_client_pos = strchr (URI_server_pos, '*');
-  if (URI_client_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (URI_client_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  URI_client_pos[0] = 0;
  URI_client_pos++;
  uint URI_server_len = strlen (URI_server_pos);
-  if (URI_server_len > 512) return (PARSER_SALT_LENGTH);
+  if (URI_server_len > 512)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // URI_client:
  char *user_pos = strchr (URI_client_pos, '*');
-  if (user_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (user_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  user_pos[0] = 0;
  user_pos++;
  uint URI_client_len = strlen (URI_client_pos);
-  if (URI_client_len > 512) return (PARSER_SALT_LENGTH);
+  if (URI_client_len > 512)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // user:
  char *realm_pos = strchr (user_pos, '*');
-  if (realm_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (realm_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  realm_pos[0] = 0;
  realm_pos++;
  uint user_len = strlen (user_pos);
-  if (user_len > 116) return (PARSER_SALT_LENGTH);
+  if (user_len > 116)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // realm:
  char *method_pos = strchr (realm_pos, '*');
-  if (method_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (method_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  method_pos[0] = 0;
  method_pos++;
  uint realm_len = strlen (realm_pos);
-  if (realm_len > 116) return (PARSER_SALT_LENGTH);
+  if (realm_len > 116)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // method:
  char *URI_prefix_pos = strchr (method_pos, '*');
-  if (URI_prefix_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (URI_prefix_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  URI_prefix_pos[0] = 0;
  URI_prefix_pos++;
  uint method_len = strlen (method_pos);
-  if (method_len > 246) return (PARSER_SALT_LENGTH);
+  if (method_len > 246)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // URI_prefix:
  char *URI_resource_pos = strchr (URI_prefix_pos, '*');
-  if (URI_resource_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (URI_resource_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  URI_resource_pos[0] = 0;
  URI_resource_pos++;
  uint URI_prefix_len = strlen (URI_prefix_pos);
-  if (URI_prefix_len > 245) return (PARSER_SALT_LENGTH);
+  if (URI_prefix_len > 245)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // URI_resource:
  char *URI_suffix_pos = strchr (URI_resource_pos, '*');
-  if (URI_suffix_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (URI_suffix_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  URI_suffix_pos[0] = 0;
  URI_suffix_pos++;
  uint URI_resource_len = strlen (URI_resource_pos);
-  if (URI_resource_len <   1) return (PARSER_SALT_LENGTH);
+  if (URI_resource_len < 1 || URI_resource_len > 246)
-  if (URI_resource_len > 246) return (PARSER_SALT_LENGTH);
+  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // URI_suffix:
  char *nonce_pos = strchr (URI_suffix_pos, '*');
-  if (nonce_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (nonce_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  nonce_pos[0] = 0;
  nonce_pos++;
  uint URI_suffix_len = strlen (URI_suffix_pos);
-  if (URI_suffix_len > 245) return (PARSER_SALT_LENGTH);
+  if (URI_suffix_len > 245)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // nonce:
  char *nonce_client_pos = strchr (nonce_pos, '*');
-  if (nonce_client_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (nonce_client_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  nonce_client_pos[0] = 0;
  nonce_client_pos++;
  uint nonce_len = strlen (nonce_pos);
-  if (nonce_len <  1) return (PARSER_SALT_LENGTH);
+  if (nonce_len < 1 || nonce_len > 50)
-  if (nonce_len > 50) return (PARSER_SALT_LENGTH);
+  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // nonce_client:
  char *nonce_count_pos = strchr (nonce_client_pos, '*');
-  if (nonce_count_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (nonce_count_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  nonce_count_pos[0] = 0;
  nonce_count_pos++;
  uint nonce_client_len = strlen (nonce_client_pos);
-  if (nonce_client_len > 50) return (PARSER_SALT_LENGTH);
+  if (nonce_client_len > 50)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // nonce_count:
  char *qop_pos = strchr (nonce_count_pos, '*');
-  if (qop_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (qop_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  qop_pos[0] = 0;
  qop_pos++;
  uint nonce_count_len = strlen (nonce_count_pos);
-  if (nonce_count_len > 50) return (PARSER_SALT_LENGTH);
+  if (nonce_count_len > 50)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // qop:
  char *directive_pos = strchr (qop_pos, '*');
-  if (directive_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (directive_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  directive_pos[0] = 0;
  directive_pos++;
  uint qop_len = strlen (qop_pos);
-  if (qop_len > 50) return (PARSER_SALT_LENGTH);
+  if (qop_len > 50)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  // directive
  char *digest_pos = strchr (directive_pos, '*');
-  if (digest_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
+  if (digest_pos == NULL)
  {
    myfree (temp_input_buf);
    return (PARSER_SEPARATOR_UNMATCHED);
  }
  digest_pos[0] = 0;
  digest_pos++;
  uint directive_len = strlen (directive_pos);
-  if (directive_len != 3) return (PARSER_SALT_LENGTH);
+  if (directive_len != 3)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  if (memcmp (directive_pos, "MD5", 3))
  {
    log_info ("ERROR: only the MD5 directive is currently supported\n");
    myfree (temp_input_buf);
    return (PARSER_SIP_AUTH_DIRECTIVE);
  }
@ -17686,9 +17808,7 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  uint md5_remaining_len = md5_max_len;
-  uint tmp_md5_buf[md5_max_len / 4];
+  uint tmp_md5_buf[64] = { 0 };
  memset (tmp_md5_buf, 0, sizeof (tmp_md5_buf));
  char *tmp_md5_ptr = (char *) tmp_md5_buf;
@ -17723,7 +17843,7 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
    md5_len += 1 + URI_suffix_len;
  }
-  uint tmp_digest[4];
+  uint tmp_digest[4] = { 0 };
  md5_complete_no_limit (tmp_digest, tmp_md5_buf, md5_len);
@ -17748,7 +17868,12 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  {
    esalt_len = 1 + nonce_len + 1 + nonce_count_len + 1 + nonce_client_len + 1 + qop_len + 1 + 32;
-    if (esalt_len > max_esalt_len) return (PARSER_SALT_LENGTH);
+    if (esalt_len > max_esalt_len)
    {
      myfree (temp_input_buf);
      return (PARSER_SALT_LENGTH);
    }
    snprintf (esalt_buf_ptr, max_esalt_len, ":%s:%s:%s:%s:%08x%08x%08x%08x",
      nonce_pos,
@ -17764,7 +17889,12 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  {
    esalt_len = 1 + nonce_len + 1 + 32;
-    if (esalt_len > max_esalt_len) return (PARSER_SALT_LENGTH);
+    if (esalt_len > max_esalt_len)
    {
      myfree (temp_input_buf);
      return (PARSER_SALT_LENGTH);
    }
    snprintf (esalt_buf_ptr, max_esalt_len, ":%s:%08x%08x%08x%08x",
      nonce_pos,
@ -17790,7 +17920,12 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  uint max_salt_len = 119;
-  if (salt_len > max_salt_len) return (PARSER_SALT_LENGTH);
+  if (salt_len > max_salt_len)
  {
    myfree (temp_input_buf);
    return (PARSER_SALT_LENGTH);
  }
  snprintf (sip_salt_ptr, max_salt_len + 1, "%s:%s:", user_pos, realm_pos);
@ -17829,6 +17964,8 @@ int sip_auth_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
  digest[2] = byte_swap_32 (digest[2]);
  digest[3] = byte_swap_32 (digest[3]);
  myfree (temp_input_buf);
  return (PARSER_OK);
 }