1
0
mirror of https://github.com/hashcat/hashcat.git synced 2025-01-11 00:01:16 +00:00

Fixed out-of-boundary read in PKZIP masterkey kernel if the password candidate has length zero.

Now that kernel threads are no longer fixed over the entire session, hardware_power and hardware_power_all
needs to be updated the same way as kernel_power and kernel_power_all for each call to inner2_loop().
This commit is contained in:
Jens Steube 2021-08-17 17:38:45 +02:00
parent 49117745cf
commit 9254603960
7 changed files with 28 additions and 25 deletions

View File

@ -296,7 +296,7 @@ KERNEL_FQ void m20500_sxx (KERN_ATTR_VECTOR ())
u32 prep1 = digests_buf[DIGESTS_OFFSET].digest_buf[1]; u32 prep1 = digests_buf[DIGESTS_OFFSET].digest_buf[1];
u32 prep2 = digests_buf[DIGESTS_OFFSET].digest_buf[2]; u32 prep2 = digests_buf[DIGESTS_OFFSET].digest_buf[2];
for (u32 pos = pw_len - 1; pos >= 4; pos--) for (int pos = pw_len - 1; pos >= 4; pos--)
{ {
const u32 t = hc_bfe_S (pws[gid].i[pos / 4], (pos & 3) * 8, 8); const u32 t = hc_bfe_S (pws[gid].i[pos / 4], (pos & 3) * 8, 8);

View File

@ -22,6 +22,7 @@
- Fixed invalid data type in the sha384_hmac_init_vector_128() function that take effect if the vector data type was specified manually - Fixed invalid data type in the sha384_hmac_init_vector_128() function that take effect if the vector data type was specified manually
- Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugin's signature constant - Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugin's signature constant
- Fixed out-of-boundary read in the Stuffit5 module in hash_decode() - Fixed out-of-boundary read in the Stuffit5 module in hash_decode()
- Fixed out-of-boundary read in PKZIP masterkey kernel if the password candidate has length zero
- Fixed random rule generator option --generate-rules-func-min by fixing switch() case to not select a not existing option group type - Fixed random rule generator option --generate-rules-func-min by fixing switch() case to not select a not existing option group type
- Fixed segfault when a combination of the flags --user and --show is given and a hash was specified directly on the command line - Fixed segfault when a combination of the flags --user and --show is given and a hash was specified directly on the command line
- Fixed syntax check of HAS_VPERM macro in several kernel includes causing invalid error message for AMD GPUs on Windows - Fixed syntax check of HAS_VPERM macro in several kernel includes causing invalid error message for AMD GPUs on Windows

View File

@ -1242,6 +1242,7 @@ typedef struct hc_device_param
u32 kernel_loops_min_sav; // the _sav are required because each -i iteration u32 kernel_loops_min_sav; // the _sav are required because each -i iteration
u32 kernel_loops_max_sav; // needs to recalculate the kernel_loops_min/max based on the current amplifier count u32 kernel_loops_max_sav; // needs to recalculate the kernel_loops_min/max based on the current amplifier count
u32 kernel_threads; u32 kernel_threads;
u32 kernel_threads_prev;
u32 kernel_threads_min; u32 kernel_threads_min;
u32 kernel_threads_max; u32 kernel_threads_max;

View File

@ -196,7 +196,9 @@ static int autotune (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
// from here it's clear we are allowed to autotune // from here it's clear we are allowed to autotune
// so let's init some fake words // so let's init some fake words
const u32 kernel_power_max = device_param->hardware_power * kernel_accel_max; const u32 hardware_power_max = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_param->device_processors) * kernel_threads_max;
const u32 kernel_power_max = hardware_power_max * kernel_accel_max;
if (device_param->is_cuda == true) if (device_param->is_cuda == true)
{ {

View File

@ -10705,8 +10705,6 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
u64 size_total_host_all = 0; u64 size_total_host_all = 0;
u32 hardware_power_all = 0;
for (int backend_devices_idx = 0; backend_devices_idx < backend_ctx->backend_devices_cnt; backend_devices_idx++) for (int backend_devices_idx = 0; backend_devices_idx < backend_ctx->backend_devices_cnt; backend_devices_idx++)
{ {
/** /**
@ -14497,7 +14495,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
// device_param->kernel_threads = kernel_threads; // device_param->kernel_threads = kernel_threads;
device_param->kernel_threads = 0; device_param->kernel_threads = 0;
device_param->hardware_power = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_processors) * device_param->kernel_threads_max; u32 hardware_power_max = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_processors) * device_param->kernel_threads_max;
u32 kernel_accel_min = device_param->kernel_accel_min; u32 kernel_accel_min = device_param->kernel_accel_min;
u32 kernel_accel_max = device_param->kernel_accel_max; u32 kernel_accel_max = device_param->kernel_accel_max;
@ -14520,7 +14518,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
// this is device_processors * kernel_threads // this is device_processors * kernel_threads
accel_limit /= device_param->hardware_power; accel_limit /= hardware_power_max;
// single password candidate size // single password candidate size
@ -14563,7 +14561,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
while (kernel_accel_max >= kernel_accel_min) while (kernel_accel_max >= kernel_accel_min)
{ {
const u64 kernel_power_max = device_param->hardware_power * kernel_accel_max; const u64 kernel_power_max = hardware_power_max * kernel_accel_max;
// size_pws // size_pws
@ -14736,7 +14734,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
{ {
while (kernel_accel_max > kernel_accel_min) while (kernel_accel_max > kernel_accel_min)
{ {
const u64 kernel_power_max = device_param->hardware_power * kernel_accel_max; const u64 kernel_power_max = hardware_power_max * kernel_accel_max;
if (kernel_power_max > hashes->salts_cnt) if (kernel_power_max > hashes->salts_cnt)
{ {
@ -15050,18 +15048,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
} }
} }
hardware_power_all += device_param->hardware_power;
EVENT_DATA (EVENT_BACKEND_DEVICE_INIT_POST, &backend_devices_idx, sizeof (int)); EVENT_DATA (EVENT_BACKEND_DEVICE_INIT_POST, &backend_devices_idx, sizeof (int));
} }
if (user_options->benchmark == false)
{
if (hardware_power_all == 0) return -1;
}
backend_ctx->hardware_power_all = hardware_power_all;
EVENT_DATA (EVENT_BACKEND_SESSION_HOSTMEM, &size_total_host_all, sizeof (u64)); EVENT_DATA (EVENT_BACKEND_SESSION_HOSTMEM, &size_total_host_all, sizeof (u64));
return 0; return 0;
@ -15550,8 +15539,12 @@ void backend_session_reset (hashcat_ctx_t *hashcat_ctx)
#else #else
device_param->timer_speed.tv_sec = 0; device_param->timer_speed.tv_sec = 0;
#endif #endif
device_param->kernel_power = 0;
device_param->hardware_power = 0;
} }
backend_ctx->hardware_power_all = 0;
backend_ctx->kernel_power_all = 0; backend_ctx->kernel_power_all = 0;
backend_ctx->kernel_power_final = 0; backend_ctx->kernel_power_final = 0;
} }

View File

@ -321,11 +321,13 @@ static int calc_stdin (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_par
if (device_param->speed_only_finish == true) break; if (device_param->speed_only_finish == true) break;
} }
device_param->kernel_accel_prev = device_param->kernel_accel; device_param->kernel_accel_prev = device_param->kernel_accel;
device_param->kernel_loops_prev = device_param->kernel_loops; device_param->kernel_loops_prev = device_param->kernel_loops;
device_param->kernel_threads_prev = device_param->kernel_threads;
device_param->kernel_accel = 0; device_param->kernel_accel = 0;
device_param->kernel_loops = 0; device_param->kernel_loops = 0;
device_param->kernel_threads = 0;
if (iconv_enabled == true) if (iconv_enabled == true)
{ {
@ -1579,11 +1581,13 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
} }
} }
device_param->kernel_accel_prev = device_param->kernel_accel; device_param->kernel_accel_prev = device_param->kernel_accel;
device_param->kernel_loops_prev = device_param->kernel_loops; device_param->kernel_loops_prev = device_param->kernel_loops;
device_param->kernel_threads_prev = device_param->kernel_threads;
device_param->kernel_accel = 0; device_param->kernel_accel = 0;
device_param->kernel_loops = 0; device_param->kernel_loops = 0;
device_param->kernel_threads = 0;
return 0; return 0;
} }

View File

@ -2194,6 +2194,8 @@ int status_get_kernel_threads_dev (const hashcat_ctx_t *hashcat_ctx, const int b
if (device_param->skipped_warning == true) return 0; if (device_param->skipped_warning == true) return 0;
if (device_param->kernel_threads_prev) return device_param->kernel_threads_prev;
return device_param->kernel_threads; return device_param->kernel_threads;
} }