From 6bcbc218d6aec3644c6d893a402639ade48cbfff Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Sun, 1 Aug 2021 10:21:21 +0200
Subject: [PATCH] Fixed out-of-boundary read in input_tokenizer() if the signatures in the hash line is longer than the constant signature in the plugin
---
 docs/changes.txt | 1 +
 src/shared.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index 1ab36e2df..901cc3933 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -14,6 +14,7 @@
 - Fixed autotune unitialized tmps variable for slow hashes by calling _init kernel before calling _loop kernel
 - Fixed datatype in function sha384_hmac_init_vector_128() that could come into effect if vector datatype was manually set
 - Fixed false negative in all VeraCrypt hash-modes if both conditions are met: 1. use CPU for cracking and 2. PIM range was used
+- Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugins' signature constant
 ##
 ## Improvements
diff --git a/src/shared.c b/src/shared.c
index 7efdd4d53..9bff0c646 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -1181,7 +1181,7 @@ int input_tokenizer (const u8 *input_buf, const int input_len, token_t *token)
 for (int signature_idx = 0; signature_idx < token->signatures_cnt; signature_idx++)
 {
- if (memcmp (token->buf[token_idx], token->signatures_buf[signature_idx], token->len[token_idx]) == 0) matched = true;
+ if (strncmp ((char *) token->buf[token_idx], token->signatures_buf[signature_idx], token->len[token_idx]) == 0) matched = true;
 }
 if (matched == false) return (PARSER_SIGNATURE_UNMATCHED);
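Review bot: The new `strncmp` call in the signature loop of src/shared.c is still bounded only by `token->len[token_idx]`, so a token shorter than the plugin's signature matches on a prefix, and a zero-length token matches every signature. Unless the token length is already validated against the signature earlier in input_tokenizer() (the function body starts and ends outside this hunk), I would require equal lengths before comparing, e.g. `if ((size_t) token->len[token_idx] == strlen (token->signatures_buf[signature_idx]) && memcmp (token->buf[token_idx], token->signatures_buf[signature_idx], token->len[token_idx]) == 0) matched = true;`. That also removes the dependence on NUL handling: as written, `strncmp` stops at the first NUL, so an input token holding the full signature followed by an embedded NUL byte compares equal even though it is longer than the constant. Separately, `input_buf` is `const u8 *`, so the cast should presumably be `(const char *)` rather than `(char *)` to avoid discarding the qualifier.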