mirror of
https://github.com/hashcat/hashcat.git
synced 2025-01-11 00:01:16 +00:00
Mask Checks: Added integer overflow detection for a keyspace of a mask provided by user
This commit is contained in:
parent
14883bcd53
commit
62bc8689b7
@ -78,6 +78,7 @@
|
||||
- Helper: Added functions to check existence, type, read- and write-permissions and rewrite sources to use them instead of stat()
|
||||
- Keyfile handling: Make sure that the memory is cleanly freed whenever a VeraCrypt/TrueCrypt keyfile fails to load
|
||||
- Mask Checks: Added additional memory cleanups after parsing/verifying masks
|
||||
- Mask Checks: Added integer overflow detection for a keyspace of a mask provided by user
|
||||
- Mask Increment: Fixed memory leak in case mask_append() fails
|
||||
- OpenCL Device: Do a check on available constant memory size and abort if it's less than 64kB
|
||||
- OpenCL Device Management: Fixed several memory leaks in case initialization of an OpenCL device or platform failed
|
||||
|
@ -1589,7 +1589,7 @@ typedef struct combinator_ctx
|
||||
char *dict2;
|
||||
|
||||
u32 combs_mode;
|
||||
u32 combs_cnt;
|
||||
u64 combs_cnt;
|
||||
|
||||
} combinator_ctx_t;
|
||||
|
||||
|
37
src/mpsp.c
37
src/mpsp.c
@ -807,7 +807,7 @@ static int sp_setup_tbl (hashcat_ctx_t *hashcat_ctx)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static u64 sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf)
|
||||
static int sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf, u64 *result)
|
||||
{
|
||||
u64 sum = 1;
|
||||
|
||||
@ -815,10 +815,16 @@ static u64 sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf)
|
||||
|
||||
for (i = start; i < stop; i++)
|
||||
{
|
||||
u64 t;
|
||||
|
||||
if (__builtin_umull_overflow (sum, root_css_buf[i].cs_len, &t) == true) return -1;
|
||||
|
||||
sum *= root_css_buf[i].cs_len;
|
||||
}
|
||||
|
||||
return (sum);
|
||||
*result = sum;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void sp_tbl_to_css (hcstat_table_t *root_table_buf, hcstat_table_t *markov_table_buf, cs_t *root_css_buf, cs_t *markov_css_buf, u32 threshold, u32 uniq_tbls[SP_PW_MAX][CHARSIZ])
|
||||
@ -1089,7 +1095,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
|
||||
|
||||
sp_tbl_to_css (mask_ctx->root_table_buf, mask_ctx->markov_table_buf, mask_ctx->root_css_buf, mask_ctx->markov_css_buf, user_options->markov_threshold, uniq_tbls);
|
||||
|
||||
combinator_ctx->combs_cnt = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf);
|
||||
const int rc_get_sum = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf, &combinator_ctx->combs_cnt);
|
||||
|
||||
if (rc_get_sum == -1)
|
||||
{
|
||||
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
const int rc_update_mp = opencl_session_update_mp (hashcat_ctx);
|
||||
|
||||
@ -1179,7 +1192,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
|
||||
|
||||
sp_tbl_to_css (mask_ctx->root_table_buf, mask_ctx->markov_table_buf, mask_ctx->root_css_buf, mask_ctx->markov_css_buf, user_options->markov_threshold, uniq_tbls);
|
||||
|
||||
status_ctx->words_cnt = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf);
|
||||
const int rc_get_sum1 = sp_get_sum (0, mask_ctx->css_cnt, mask_ctx->root_css_buf, &status_ctx->words_cnt);
|
||||
|
||||
if (rc_get_sum1 == -1)
|
||||
{
|
||||
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
// copy + args
|
||||
|
||||
@ -1187,7 +1207,14 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
|
||||
|
||||
mp_css_split_cnt (hashcat_ctx, css_cnt_orig, css_cnt_lr);
|
||||
|
||||
mask_ctx->bfs_cnt = sp_get_sum (0, css_cnt_lr[1], mask_ctx->root_css_buf);
|
||||
const int rc_get_sum2 = sp_get_sum (0, css_cnt_lr[1], mask_ctx->root_css_buf, &mask_ctx->bfs_cnt);
|
||||
|
||||
if (rc_get_sum2 == -1)
|
||||
{
|
||||
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of mask: %s", mask_ctx->mask);
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
const int rc_update_mp_rl = opencl_session_update_mp_rl (hashcat_ctx, css_cnt_lr[0], css_cnt_lr[1]);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user