mirror of https://github.com/hashcat/hashcat.git synced 2024-12-23 15:18:16 +00:00

Mask Checks: Added integer overflow detection for a keyspace of a mask provided by user

jsteube 2017-02-22 12:28:23 +01:00
parent 14883bcd53
commit 62bc8689b7
3 changed files with 34 additions and 6 deletions


@ -78,6 +78,7 @@
- Helper: Added functions to check existence, type, read- and write-permissions and rewrite sources to use them instead of stat()
- Keyfile handling: Make sure that the memory is cleanly freed whenever a VeraCrypt/TrueCrypt keyfile fails to load
- Mask Checks: Added additional memory cleanups after parsing/verifying masks
- Mask Checks: Added integer overflow detection for a keyspace of a mask provided by user
- Mask Increment: Fixed memory leak in case mask_append() fails
- OpenCL Device: Do a check on available constant memory size and abort if it's less than 64kB
- OpenCL Device Management: Fixed several memory leaks in case initialization of an OpenCL device or platform failed


@ -1589,7 +1589,7 @@ typedef struct combinator_ctx
char *dict2;
u32 combs_mode;
u32 combs_cnt;
u64 combs_cnt;
} combinator_ctx_t;
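Review bot: Widening `combs_cnt` to u64 only helps if every reader of the field was widened with it; a consumer that still copies it into a u32 local or parameter, or prints it with `%u`, would truncate silently, well below the point at which the new overflow check fires. No such consumer is visible in this section, so this is a check to run on the uses of `combinator_ctx->combs_cnt` rather than a confirmed defect. A field comment such as `// 64-bit: receives the mask keyspace computed by sp_get_sum()` would record why the type changed. The struct definition starts outside the hunk.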


@ -807,7 +807,7 @@ static int sp_setup_tbl (hashcat_ctx_t *hashcat_ctx)
return 0;
}
static u64 sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf)
static int sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf, u64 *result)
{
u64 sum = 1;
@ -815,10 +815,16 @@ static u64 sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf)
for (i = start; i < stop; i++)
{
u64 t;
if (__builtin_umull_overflow (sum, root_css_buf[i].cs_len, &t) == true) return -1;
sum *= root_css_buf[i].cs_len;
}
return (sum);
*result = sum;
return 0;
}
static void sp_tbl_to_css (hcstat_table_t *root_table_buf, hcstat_table_t *markov_table_buf, cs_t *root_css_buf, cs_t *markov_css_buf, u32 threshold, u32 uniq_tbls[SP_PW_MAX][CHARSIZ])
@ -1089,7 +1095,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
sp_tbl_to_css (mask_ctx->root_table_buf, mask_ctx->markov_table_buf, mask_ctx->root_css_buf, mask_ctx->markov_css_buf, user_options->markov_threshold, uniq_tbls);
combinator_ctx->combs_cnt = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf);
const int rc_get_sum = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf, &combinator_ctx->combs_cnt);
if (rc_get_sum == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
return -1;
}
const int rc_update_mp = opencl_session_update_mp (hashcat_ctx);
@ -1179,7 +1192,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
sp_tbl_to_css (mask_ctx->root_table_buf, mask_ctx->markov_table_buf, mask_ctx->root_css_buf, mask_ctx->markov_css_buf, user_options->markov_threshold, uniq_tbls);
status_ctx->words_cnt = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf);
const int rc_get_sum1 = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf, &status_ctx->words_cnt);
if (rc_get_sum1 == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
return -1;
}
// copy + args
@ -1187,7 +1207,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
mp_css_split_cnt (hashcat_ctx, css_cnt_orig, css_cnt_lr);
mask_ctx->bfs_cnt = sp_get_sum (0, css_cnt_lr[1], mask_ctx->root_css_buf);
const int rc_get_sum2 = sp_get_sum (0, css_cnt_lr[1], mask_ctx->root_css_buf, &mask_ctx->bfs_cnt);
if (rc_get_sum2 == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
return -1;
}
const int rc_update_mp_rl = opencl_session_update_mp_rl (hashcat_ctx, css_cnt_lr[0], css_cnt_lr[1]);
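Review bot: The overflow guard in sp_get_sum calls `__builtin_umull_overflow`, which operates on `unsigned long`; on targets where that type is 32 bits (Windows LLP64, 32-bit builds) the u64 `sum` is narrowed before the check, so a keyspace that really wraps can pass while a valid one above 2^32 is rejected, and `&t` has the wrong pointer type there. Assuming u64 is a 64-bit typedef (its definition is not in this section), the type-generic builtin is width-independent: `if (__builtin_mul_overflow (sum, (u64) root_css_buf[i].cs_len, &t)) return -1;` followed by `sum = t;` instead of multiplying a second time. The three call sites in mask_ctx_update_loop repeat the same error block and could share one helper; that function's body starts and ends outside the visible hunks.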