diff --git a/docs/changes.txt b/docs/changes.txt
index bb2889bab..9f93e4006 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -71,6 +71,7 @@
 - Fixed problem with the usage of the hexadecimal notations (\x00-\xff) within rules
 - Fixed race condition in maskfile mode by using a dedicated flag for restore execution
 - Fixed some memory leaks in case hashcat is shutting down due to some file error
+- Fixed some memory leaks in case mask-files are used in optimized mode
 - Fixed the 7-Zip parser to allow the entire supported range of encrypted and decrypted data lengths
 - Fixed the validation of the --brain-client-features command line argument (only values 1, 2 or 3 are allowed)
diff --git a/include/types.h b/include/types.h
index e23e0e75b..e29944b13 100644
--- a/include/types.h
+++ b/include/types.h
@@ -2051,7 +2051,7 @@ typedef struct mask_ctx
 u64 bfs_cnt;
- cs_t *css_buf;
+ cs_t css_buf[256];
 u32 css_cnt;
 hcstat_table_t *root_table_buf;
diff --git a/src/mpsp.c b/src/mpsp.c
index 3d7d64dfe..fc85a31e1 100644
--- a/src/mpsp.c
+++ b/src/mpsp.c
@@ -117,23 +117,16 @@ static int mp_css_append_salt (hashcat_ctx_t *hashcat_ctx, salt_t *salt_buf)
 u32 salt_len = salt_buf->salt_len;
 u8 *salt_buf_ptr = (u8 *) salt_buf->salt_buf;
- u32 css_cnt_salt = mask_ctx->css_cnt + salt_len;
-
- cs_t *css_buf_salt = (cs_t *) hccalloc (css_cnt_salt, sizeof (cs_t));
-
- memcpy (css_buf_salt, mask_ctx->css_buf, mask_ctx->css_cnt * sizeof (cs_t));
+ if ((mask_ctx->css_cnt + salt_len) > 256) return -1;
 for (u32 i = 0, j = mask_ctx->css_cnt; i < salt_len; i++, j++)
 {
- css_buf_salt[j].cs_buf[0] = salt_buf_ptr[i];
- css_buf_salt[j].cs_len = 1;
+ mask_ctx->css_buf[j].cs_buf[0] = salt_buf_ptr[i];
+ mask_ctx->css_buf[j].cs_len = 1;
+
+ mask_ctx->css_cnt++;
 }
- hcfree (mask_ctx->css_buf);
-
- mask_ctx->css_buf = css_buf_salt;
- mask_ctx->css_cnt = css_cnt_salt;
-
 return 0;
 }
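Review bot: The new fixed size in `cs_t css_buf[256];` is a bare literal here and is repeated as the `> 256` bound in three separate guards in src/mpsp.c (mp_css_append_salt and both utf16 expanders), so the array size and its checks can silently drift apart. Define the size once as a named constant next to the struct and derive the checks from it, or write the bound in mpsp.c as `sizeof (mask_ctx->css_buf) / sizeof (mask_ctx->css_buf[0])`. Note that mp_gen_css also writes into this array (it is called with `mask_ctx->css_buf` in mask_ctx_update_loop) and its own bound is not visible in this diff; it should be confirmed to respect the same limit, because the array is now embedded in mask_ctx and an overrun would corrupt neighbouring fields such as css_cnt instead of a standalone heap block. The struct definition begins and ends outside the hunk.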
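Review bot: The new guard `if ((mask_ctx->css_cnt + salt_len) > 256) return -1;` fails the function without reporting why, so a user whose mask plus salt no longer fits sees a bare failure; the same holds for the `> 256` guards added to mp_css_utf16le_expand and mp_css_utf16be_expand. If this module logs before returning -1 elsewhere (its error-reporting convention is not visible in the hunk), emit a message naming the limit before the return, stating that the mask length plus salt length exceeds the charset buffer. The in-place append itself is sound: `j` starts at the old css_cnt and css_cnt is advanced once per element, so the final count matches the loop. mp_css_append_salt's opening lines, including the mask_ctx lookup, are outside the hunk.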
@@ -143,6 +136,8 @@ static int mp_css_utf16le_expand (hashcat_ctx_t *hashcat_ctx)
 u32 css_cnt_utf16le = mask_ctx->css_cnt * 2;
+ if (css_cnt_utf16le > 256) return -1;
+
 cs_t *css_buf_utf16le = (cs_t *) hccalloc (css_cnt_utf16le, sizeof (cs_t));
 for (u32 i = 0, j = 0; i < mask_ctx->css_cnt; i += 1, j += 2)
@@ -153,11 +148,12 @@ static int mp_css_utf16le_expand (hashcat_ctx_t *hashcat_ctx)
 css_buf_utf16le[j + 1].cs_len = 1;
 }
- hcfree (mask_ctx->css_buf);
+ memcpy (mask_ctx->css_buf, css_buf_utf16le, css_cnt_utf16le * sizeof (cs_t));
- mask_ctx->css_buf = css_buf_utf16le;
 mask_ctx->css_cnt = css_cnt_utf16le;
+ hcfree (css_buf_utf16le);
+
 return 0;
 }
@@ -167,6 +163,8 @@ static int mp_css_utf16be_expand (hashcat_ctx_t *hashcat_ctx)
 u32 css_cnt_utf16be = mask_ctx->css_cnt * 2;
+ if (css_cnt_utf16be > 256) return -1;
+
 cs_t *css_buf_utf16be = (cs_t *) hccalloc (css_cnt_utf16be, sizeof (cs_t));
 for (u32 i = 0, j = 0; i < mask_ctx->css_cnt; i += 1, j += 2)
@@ -177,11 +175,12 @@ static int mp_css_utf16be_expand (hashcat_ctx_t *hashcat_ctx)
 memcpy (&css_buf_utf16be[j + 1], &mask_ctx->css_buf[i], sizeof (cs_t));
 }
- hcfree (mask_ctx->css_buf);
+ memcpy (mask_ctx->css_buf, css_buf_utf16be, css_cnt_utf16be * sizeof (cs_t));
- mask_ctx->css_buf = css_buf_utf16be;
 mask_ctx->css_cnt = css_cnt_utf16be;
+ hcfree (css_buf_utf16be);
+
 return 0;
 }
@@ -1197,7 +1196,7 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx_parse_maskfile (hashcat_ctx) == -1) return -1;
- mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
+ //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
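Review bot: With css_buf now a fixed array inside mask_ctx, the temporary `css_buf_utf16le` heap buffer this hunk keeps (allocated on the line after the new guard, copied back and freed in the following hunk) exists only to avoid overwriting entries before they are read; the same doubling can be done in place by walking `i` from css_cnt - 1 down to 0 and writing entries 2*i and 2*i+1 from a local copy of css_buf[i] taken before the two writes, which removes one allocation and one memcpy per mask. The same applies to mp_css_utf16be_expand (hunks at -167 and -177). The guard `if (css_cnt_utf16le > 256) return -1;` is correctly placed before the allocation, so the early return leaks nothing. mp_css_utf16le_expand's first lines are outside the hunk.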
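Review bot: The replaced allocation is left behind as a commented-out line, `//mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));`, in this hunk and again in the hunks at -1222 and -1253; delete it rather than keep it. More importantly, the old code handed mp_gen_css a freshly zeroed buffer for every mask, whereas the embedded array now carries whatever the previous mask (and its salt or utf16 expansion) left in it, so any consumer that relies on entries past css_cnt being zero would now read stale charsets. Unless mp_gen_css is known to fully reinitialise the array (not visible here), replace each commented line with `memset (mask_ctx->css_buf, 0, sizeof (mask_ctx->css_buf));` so the per-mask state stays as it was before this commit. mask_ctx_update_loop begins and ends outside these hunks.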
@@ -1222,7 +1221,7 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx_parse_maskfile (hashcat_ctx) == -1) return -1;
- mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
+ //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
@@ -1253,7 +1252,7 @@ int mask_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
 if (user_options->attack_mode == ATTACK_MODE_BF) // always true
 {
- mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
+ //mask_ctx->css_buf = (cs_t *) hccalloc (256, sizeof (cs_t));
 if (mp_gen_css (hashcat_ctx, mask_ctx->mask, strlen (mask_ctx->mask), mask_ctx->mp_sys, mask_ctx->mp_usr, mask_ctx->css_buf, &mask_ctx->css_cnt) == -1) return -1;
@@ -1382,7 +1381,7 @@ int mask_ctx_init (hashcat_ctx_t *hashcat_ctx)
 mask_ctx->markov_css_buf = (cs_t *) hccalloc (SP_PW_MAX * CHARSIZ, sizeof (cs_t));
 mask_ctx->css_cnt = 0;
- mask_ctx->css_buf = NULL;
+ //mask_ctx->css_buf = NULL;
 mask_ctx->mask_from_file = false;
@@ -1647,7 +1646,7 @@ void mask_ctx_destroy (hashcat_ctx_t *hashcat_ctx)
 if (mask_ctx->enabled == false) return;
- hcfree (mask_ctx->css_buf);
+ //hcfree (mask_ctx->css_buf);
 hcfree (mask_ctx->root_css_buf);
 hcfree (mask_ctx->markov_css_buf);
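Review bot: `//mask_ctx->css_buf = NULL;` leaves dead code where the array's initial state is now decided elsewhere: the member is part of mask_ctx, so whether it starts zeroed depends on how the surrounding context was allocated, which is not visible in the hunk. Replace the commented line with `memset (mask_ctx->css_buf, 0, sizeof (mask_ctx->css_buf));` next to `mask_ctx->css_cnt = 0;` so init keeps an explicit starting state regardless of the allocator. mask_ctx_init's body continues outside the hunk.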
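Review bot: `//hcfree (mask_ctx->css_buf);` should be deleted outright, not commented out: css_buf is now an array member, so this call would still compile if anyone re-enabled it (the array decays to a pointer) and would then free memory that was never heap-allocated, which is worse than the leak this commit fixes. A one-line comment such as `// css_buf is an in-struct array; nothing to free` next to the remaining hcfree calls records why css_buf is absent from the cleanup. mask_ctx_destroy's body continues outside the hunk.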