mirror of
https://github.com/hashcat/hashcat.git
synced 2024-12-23 07:08:19 +00:00
Fix out-of-boundary read in rule engines
This commit is contained in:
parent
00b9f4c557
commit
270210a8ab
@ -769,7 +769,8 @@ DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_le
|
||||
const u8 p0 = (cmd >> 8) & 0xff;
|
||||
const u8 p1 = (cmd >> 16) & 0xff;
|
||||
|
||||
out_len = apply_rule (name, p0, p1, buf, out_len);
|
||||
// we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
|
||||
out_len = apply_rule (name, p0, p1, buf, out_len & 255);
|
||||
}
|
||||
|
||||
return out_len;
|
||||
|
@ -2349,7 +2349,8 @@ DECLSPEC u32 apply_rules_optimized (CONSTANT_AS const u32 *cmds, u32 *buf0, u32
|
||||
const u32 p0 = (cmd >> 8) & 0xff;
|
||||
const u32 p1 = (cmd >> 16) & 0xff;
|
||||
|
||||
out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len);
|
||||
// we need to guarantee input length < 32 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
|
||||
out_len = apply_rule_optimized (name, p0, p1, buf0, buf1, out_len & 31);
|
||||
}
|
||||
|
||||
return out_len;
|
||||
|
Loading…
Reference in New Issue
Block a user