From 6967e706c2720f699ecd74682dac243ba7ea143a Mon Sep 17 00:00:00 2001 From: Jukka Ojanen Date: Mon, 21 Jun 2021 22:56:55 +0300 Subject: [PATCH 1/2] Fix access violation in hashconfig_destroy if hashcat_ctx_t is only partially initialized. Fix hashcat_ctx leak and refactor module and kernel existence checks. --- src/interface.c | 21 ++++++++------- src/user_options.c | 67 +++++++++++++++++++++------------------------- 2 files changed, 42 insertions(+), 46 deletions(-) diff --git a/src/interface.c b/src/interface.c index 2f7b15ccf..1d2eb8538 100644 --- a/src/interface.c +++ b/src/interface.c @@ -495,23 +495,24 @@ void hashconfig_destroy (hashcat_ctx_t *hashcat_ctx) } } - if (hashconfig->hook_extra_param_size) + if (module_ctx->hook_extra_params) { - const int hook_threads = (int) user_options->hook_threads; + if (hashconfig->hook_extra_param_size) + { + const int hook_threads = (int) user_options->hook_threads; - for (int i = 0; i < hook_threads; i++) + for (int i = 0; i < hook_threads; i++) + { + hcfree (module_ctx->hook_extra_params[i]); + } + } + else { - hcfree (module_ctx->hook_extra_params[i]); + hcfree (module_ctx->hook_extra_params[0]); } hcfree (module_ctx->hook_extra_params); } - else - { - hcfree (module_ctx->hook_extra_params[0]); - - hcfree (module_ctx->hook_extra_params); - } module_unload (module_ctx); diff --git a/src/user_options.c b/src/user_options.c index fc63e2127..1009a23af 100644 --- a/src/user_options.c +++ b/src/user_options.c 
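Review bot: `module_ctx->hook_extra_params` is left dangling after the final `hcfree (module_ctx->hook_extra_params);`, while the new outer guard in hashconfig_destroy depends on that pointer being NULL whenever nothing is allocated. If hashconfig_destroy can run again on the same context and nothing after this hunk (module_unload, for example) clears the field, the guard passes on freed memory and the entries are freed a second time. Adding `module_ctx->hook_extra_params = NULL;` directly after that hcfree keeps the guard valid on repeated calls. The function starts before and continues past the hunk, so whether the field is reset later is not visible here.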
@@ -2845,27 +2845,6 @@ int user_options_check_files (hashcat_ctx_t *hashcat_ctx) } } - // single kernel and module existence check to detect "7z e" errors - - char *modulefile = (char *) hcmalloc (HCBUFSIZ_TINY); - - module_filename (folder_config, 0, modulefile, HCBUFSIZ_TINY); - - if (hc_path_exist (modulefile) == false) - { - event_log_error (hashcat_ctx, "%s: %s", modulefile, strerror (errno)); - - event_log_warning (hashcat_ctx, "If you are using the hashcat binary package, this may be an extraction issue."); - event_log_warning (hashcat_ctx, "For example, using \"7z e\" instead of using \"7z x\"."); - event_log_warning (hashcat_ctx, NULL); - - hcfree (modulefile); - - return -1; - } - - hcfree (modulefile); - const bool quiet_save = user_options->quiet; user_options->quiet = true; 
@@ -2874,31 +2853,47 @@ int user_options_check_files (hashcat_ctx_t *hashcat_ctx) user_options->quiet = quiet_save; - if (rc == -1) return -1; + if (rc == -1) + { + // module existence check to detect "7z e" errors - hashconfig_destroy (hashcat_ctx); + const module_ctx_t* module_ctx = hashcat_ctx->module_ctx; - // same check but for an backend kernel + if (module_ctx->module_handle == NULL) + { + event_log_warning (hashcat_ctx, "If you are using the hashcat binary package, this may be an extraction issue."); + event_log_warning (hashcat_ctx, "For example, using \"7z e\" instead of using \"7z x\"."); + event_log_warning (hashcat_ctx, NULL); + } + + hashconfig_destroy (hashcat_ctx); - char *kernelfile = (char *) hcmalloc (HCBUFSIZ_TINY); + return -1; + } + else + { + // same check but for an backend kernel - generate_source_kernel_filename (false, ATTACK_EXEC_OUTSIDE_KERNEL, ATTACK_KERN_STRAIGHT, 400, 0, folder_config->shared_dir, kernelfile); + const hashconfig_t* hashconfig = hashcat_ctx->hashconfig; - if (hc_path_read (kernelfile) == false) - { - event_log_error (hashcat_ctx, "%s: %s", kernelfile, strerror (errno)); + char kernelfile[HCBUFSIZ_TINY] = { 0 }; - event_log_warning (hashcat_ctx, "If you are using the hashcat binary package, this may be an extraction issue."); - event_log_warning (hashcat_ctx, "For example, using \"7z e\" instead of using \"7z x\"."); - event_log_warning (hashcat_ctx, NULL); + generate_source_kernel_filename (user_options->slow_candidates, hashconfig->attack_exec, user_options_extra->attack_kern, hashconfig->kern_type, hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL, folder_config->shared_dir, kernelfile); - hcfree (kernelfile); + hashconfig_destroy (hashcat_ctx); - return -1; - } + if (hc_path_read (kernelfile) == false) + { + event_log_error (hashcat_ctx, "%s: %s", kernelfile, strerror(errno)); - hcfree (kernelfile); + event_log_warning (hashcat_ctx, "If you are using the hashcat binary package, this may be an extraction issue."); 
+ event_log_warning (hashcat_ctx, "For example, using \"7z e\" instead of using \"7z x\"."); + event_log_warning (hashcat_ctx, NULL); + return -1; + } + } + // loopback - can't check at this point // tuning file check already done From ed093fb0355efeab3af56c0f4b5fc039007ab3f7 Mon Sep 17 00:00:00 2001 From: Jens Steube Date: Tue, 22 Jun 2021 09:12:05 +0200 Subject: [PATCH 2/2] minor whitespace fixes --- src/user_options.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/user_options.c b/src/user_options.c index 1009a23af..43bbe05c4 100644 --- a/src/user_options.c +++ b/src/user_options.c @@ -2865,7 +2865,7 @@ int user_options_check_files (hashcat_ctx_t *hashcat_ctx) event_log_warning (hashcat_ctx, "For example, using \"7z e\" instead of using \"7z x\"."); event_log_warning (hashcat_ctx, NULL); } - + hashconfig_destroy (hashcat_ctx); return -1; @@ -2893,7 +2893,7 @@ int user_options_check_files (hashcat_ctx_t *hashcat_ctx) return -1; } } - + // loopback - can't check at this point // tuning file check already done
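Review bot: The new `rc == -1` branch in user_options_check_files no longer reports which file failed. The removed block logged `modulefile` with `strerror (errno)`, whereas the new code prints only the generic "7z e" hint whenever `module_ctx->module_handle == NULL`. A NULL handle presumably also covers load failures unrelated to extraction, so the hint can mislead unless hashconfig_init already logs the module path and loader error, which is not visible here. The test also assumes module_handle is NULL rather than indeterminate when init fails early; a comment such as `// module_handle is NULL here only if the module could not be loaded; hashconfig_init has already logged the path` would record that contract. Separately, `kernelfile` is now a HCBUFSIZ_TINY stack array passed to generate_source_kernel_filename without a length, so it is worth confirming the callee bounds its write; the enclosing function continues outside the hunk.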