mirror of https://github.com/hashcat/hashcat.git synced 2024-11-22 08:08:10 +00:00

Add more integer overflow checks

jsteube 2017-02-22 16:33:23 +01:00
parent 080131c86e
commit 922fea7616
7 changed files with 104 additions and 15 deletions


@ -13,6 +13,9 @@
#include <time.h>
#include <fcntl.h>
bool overflow_check_int64_add (const u64 a, const u64 b);
bool overflow_check_int64_mul (const u64 a, const u64 b);
bool is_power_of_2 (const u32 v);
u32 get_random_num (const u32 min, const u32 max);


@ -19,7 +19,7 @@ void get_next_word_std (char *buf, u64 sz, u64 *len, u64 *off);
void get_next_word (hashcat_ctx_t *hashcat_ctx, FILE *fd, char **out_buf, u32 *out_len);
int load_segment (hashcat_ctx_t *hashcat_ctx, FILE *fd);
u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile);
int count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile, u64 *result);
int wl_data_init (hashcat_ctx_t *hashcat_ctx);
void wl_data_destroy (hashcat_ctx_t *hashcat_ctx);


@ -82,7 +82,19 @@ int combinator_ctx_init (hashcat_ctx_t *hashcat_ctx)
combinator_ctx->combs_cnt = 1;
const u64 words1_cnt = count_words (hashcat_ctx, fp1, dictfile1);
u64 words1_cnt = 0;
const int rc1 = count_words (hashcat_ctx, fp1, dictfile1, &words1_cnt);
if (rc1 == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", dictfile1);
fclose (fp1);
fclose (fp2);
return -1;
}
if (words1_cnt == 0)
{
@ -96,7 +108,19 @@ int combinator_ctx_init (hashcat_ctx_t *hashcat_ctx)
combinator_ctx->combs_cnt = 1;
const u64 words2_cnt = count_words (hashcat_ctx, fp2, dictfile2);
u64 words2_cnt = 0;
const int rc2 = count_words (hashcat_ctx, fp2, dictfile2, &words2_cnt);
if (rc2 == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", dictfile2);
fclose (fp1);
fclose (fp2);
return -1;
}
if (words2_cnt == 0)
{


@ -815,9 +815,7 @@ static int sp_get_sum (u32 start, u32 stop, cs_t *root_css_buf, u64 *result)
for (i = start; i < stop; i++)
{
u64 t;
if (__builtin_mul_overflow (sum, root_css_buf[i].cs_len, &t) == true) return -1;
if (overflow_check_int64_mul (sum, root_css_buf[i].cs_len) == true) return -1;
sum *= root_css_buf[i].cs_len;
}


@ -7,6 +7,20 @@
#include "types.h"
#include "shared.h"
bool overflow_check_int64_add (const u64 a, const u64 b)
{
u64 t;
return __builtin_add_overflow (a, b, &t);
}
bool overflow_check_int64_mul (const u64 a, const u64 b)
{
u64 t;
return __builtin_mul_overflow (a, b, &t);
}
bool is_power_of_2 (const u32 v)
{
return (v && !(v & (v - 1)));
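Review bot: `overflow_check_int64_add` and `overflow_check_int64_mul` are named for int64 but take and test `u64`, so they detect unsigned 64-bit wraparound only, and a reader could assume signed semantics. A short comment above each would settle it, for example `// returns true if a + b does not fit in an unsigned 64-bit value; the sum itself is discarded`. Both helpers depend on `__builtin_add_overflow` / `__builtin_mul_overflow`, which are GCC/Clang builtins (GCC 5 or later), so the compiler requirement is worth stating here if older toolchains are still supported. is_power_of_2's body continues outside the hunk.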


@ -74,7 +74,14 @@ int straight_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
return -1;
}
status_ctx->words_cnt = count_words (hashcat_ctx, fd, straight_ctx->dict);
const int rc = count_words (hashcat_ctx, fd, straight_ctx->dict, &status_ctx->words_cnt);
if (rc == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", straight_ctx->dict);
return -1;
}
fclose (fd);
@ -102,7 +109,14 @@ int straight_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
return -1;
}
status_ctx->words_cnt = count_words (hashcat_ctx, fd, combinator_ctx->dict1);
const int rc = count_words (hashcat_ctx, fd, combinator_ctx->dict1, &status_ctx->words_cnt);
if (rc == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", combinator_ctx->dict1);
return -1;
}
fclose (fd);
}
@ -117,7 +131,14 @@ int straight_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
return -1;
}
status_ctx->words_cnt = count_words (hashcat_ctx, fd, combinator_ctx->dict2);
const int rc = count_words (hashcat_ctx, fd, combinator_ctx->dict2, &status_ctx->words_cnt);
if (rc == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", combinator_ctx->dict2);
return -1;
}
fclose (fd);
}
@ -156,7 +177,14 @@ int straight_ctx_update_loop (hashcat_ctx_t *hashcat_ctx)
return -1;
}
status_ctx->words_cnt = count_words (hashcat_ctx, fd, straight_ctx->dict);
const int rc = count_words (hashcat_ctx, fd, straight_ctx->dict, &status_ctx->words_cnt);
if (rc == -1)
{
event_log_error (hashcat_ctx, "Integer overflow detected in keyspace of wordlist: %s", straight_ctx->dict);
return -1;
}
fclose (fd);
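Review bot: The new `rc == -1` branch after the first `count_words` call returns before the `fclose (fd);` that follows it, so the wordlist handle is leaked on the overflow path. The same pattern repeats in the three later hunks of this file (the `combinator_ctx->dict1`, `combinator_ctx->dict2` and second `straight_ctx->dict` calls). The combinator init code in this same commit closes both handles before returning, so this file should match it: add `fclose (fd);` before `return -1;` in each branch, or move the existing `fclose (fd);` above the `if (rc == -1)` check. straight_ctx_update_loop starts and ends outside these hunks, so what its caller does with -1 is not visible here.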


@ -255,7 +255,7 @@ void pw_add (hc_device_param_t *device_param, const u8 *pw_buf, const int pw_len
//}
}
u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
int count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile, u64 *result)
{
combinator_ctx_t *combinator_ctx = hashcat_ctx->combinator_ctx;
straight_ctx_t *straight_ctx = hashcat_ctx->straight_ctx;
@ -269,7 +269,12 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
d.cnt = 0;
if (hc_fstat (fileno (fd), &d.stat)) return 0;
if (hc_fstat (fileno (fd), &d.stat))
{
*result = 0;
return 0;
}
d.stat.st_mode = 0;
d.stat.st_nlink = 0;
@ -283,7 +288,12 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
d.stat.st_blocks = 0;
#endif
if (d.stat.st_size == 0) return 0;
if (d.stat.st_size == 0)
{
*result = 0;
return 0;
}
const u64 cached_cnt = dictstat_find (hashcat_ctx, &d);
@ -295,10 +305,14 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
if (user_options_extra->attack_kern == ATTACK_KERN_STRAIGHT)
{
if (overflow_check_int64_mul (keyspace, (u64) straight_ctx->kernel_rules_cnt) == true) return -1;
keyspace *= straight_ctx->kernel_rules_cnt;
}
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{
if (overflow_check_int64_mul (keyspace, combinator_ctx->combs_cnt) == true) return -1;
keyspace *= combinator_ctx->combs_cnt;
}
@ -311,7 +325,9 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
EVENT_DATA (EVENT_WORDLIST_CACHE_HIT, &cache_hit, sizeof (cache_hit));
return (keyspace);
*result = keyspace;
return 0;
}
}
@ -362,10 +378,14 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
{
if (user_options_extra->attack_kern == ATTACK_KERN_STRAIGHT)
{
if (overflow_check_int64_add (cnt, (u64) straight_ctx->kernel_rules_cnt) == true) return -1;
cnt += straight_ctx->kernel_rules_cnt;
}
else if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
{
if (overflow_check_int64_add (cnt, combinator_ctx->combs_cnt) == true) return -1;
cnt += combinator_ctx->combs_cnt;
}
@ -413,7 +433,9 @@ u64 count_words (hashcat_ctx_t *hashcat_ctx, FILE *fd, const char *dictfile)
//hc_signal (sigHandler_default);
return (cnt);
*result = cnt;
return 0;
}
int wl_data_init (hashcat_ctx_t *hashcat_ctx)
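Review bot: The new `int` return of count_words is undocumented, and the four `return -1` overflow paths leave `*result` unwritten, so a caller that passes `&status_ctx->words_cnt` keeps whatever value was stored there before. I would add a header comment along the lines of `// returns 0 and stores the keyspace in *result; returns -1 on u64 overflow, *result is not modified`, or set `*result = 0;` before each `return -1;`. Note also that an `hc_fstat` failure is reported as success with zero words, which callers cannot tell apart from an empty file; that behaviour predates this change, but the new signature would allow a distinct error code. The function body runs across several hunks and is only partly visible here.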