arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-13 19:28:56 +00:00
Code Issues Releases Wiki Activity

Fix out-of-boundary read in rule engines

Browse Source
This commit is contained in:
Jens Steube 2019-11-20 14:35:47 +01:00
parent 00b9f4c557
commit 270210a8ab
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
OpenCL/inc_rp.cl
View File

@ -769,7 +769,8 @@ DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_le
const u8 p0 = (cmd >> 8) & 0xff;
const u8 p1 = (cmd >> 16) & 0xff;
out_len = apply_rule (name, p0, p1, buf, out_len);
// we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
out_len = apply_rule (name, p0, p1, buf, out_len & 255);
}
return out_len;

3
OpenCL/inc_rp_optimized.cl
View File

@ -2349,7 +2349,8 @@ DECLSPEC u32 apply_rules_optimized (CONSTANT_AS const u32 *cmds, u32 *buf0, u32
const u32 p0 = (cmd >> 8) & 0xff;
const u32 p1 = (cmd >> 16) & 0xff;
out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len);
// we need to guarantee input length < 32 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len & 31);
}
return out_len;