arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2024-11-29 19:38:18 +00:00
Code Issues Releases Wiki Activity

tainted string fix: check some lower/upper bounds of the strings

Browse Source
This commit is contained in:
philsmd 2017-02-15 13:19:53 +01:00
parent 04ac71a36a
commit 6eaa7e3741
No known key found for this signature in database
GPG Key ID: 4F25D016D9D6A8AF
2 changed files with 33 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/restore.c
View File

@ -71,6 +71,26 @@ static int read_restore (hashcat_ctx_t *hashcat_ctx)
return -1; return -1;
} }
// we only use these 2 checks to avoid "tainted string" warnings
if (rd->argc < 1)
{
event_log_error (hashcat_ctx, "Unusual low number of arguments (argc) within the restore file %s", eff_restore_file);
fclose (fp);
return -1;
}
if (rd->argc > 250) // some upper bound check is always good (with some dirs/dicts it could be a large string)
{
event_log_error (hashcat_ctx, "Unusual high number of arguments (argc) within the restore file %s", eff_restore_file);
fclose (fp);
return -1;
}
rd->argv = (char **) hccalloc (rd->argc, sizeof (char *)); rd->argv = (char **) hccalloc (rd->argc, sizeof (char *));
char *buf = (char *) hcmalloc (HCBUFSIZ_LARGE); char *buf = (char *) hcmalloc (HCBUFSIZ_LARGE);

14
src/shared.c
View File

@ -260,7 +260,19 @@ void setup_environment_variables ()
snprintf (display, sizeof (display) - 1, "DISPLAY=%s", compute); snprintf (display, sizeof (display) - 1, "DISPLAY=%s", compute);
putenv (display); // we only use this check to avoid "tainted string" warnings
u32 display_len_max = sizeof (display);
u32 display_len = strnlen (display, display_len_max);
if (display_len > 0) // should be always true
{
if (display_len < display_len_max) // some upper bound is always good
{
putenv (display);
}
}
} }
else else
{ {