From 9b1e66d87c20619e262423019dc62420e7603714 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Fri, 9 Feb 2018 09:50:13 +0100
Subject: [PATCH] Fixed a race condition in combinator- and hybrid-mode where the same scratch buffer was used by multiple threads
---
 docs/changes.txt | 1 +
 include/types.h | 4 ++--
 src/combinator.c | 4 ----
 src/opencl.c | 9 +++++++--
 4 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index e9a3dbba1..a13d8c3c9 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -29,6 +29,7 @@
 - Fixed a hash parsing problem when using --show/--left with hashes with long salts that required pure kernels
 - Fixed a mask-length check issue: Return -1 in case the mask-length is not within the password-length range
 - Fixed a missing check for returncode in case hashcat.hcstat2 was not found
+- Fixed a race condition in combinator- and hybrid-mode where the same scratch buffer was used by multiple threads
 - Fixed a restore issue leading to "Restore value is greater than keyspace" when mask-files or wordlist-folders were used
 - Fixed a uninitialized value in OpenCL kernels 9720, 9820 and 10420 leading to absurd benchmark performance
 - Fixed invalid support for SIMD in -m 400
diff --git a/include/types.h b/include/types.h
index e4bffd8e1..f51604fe4 100644
--- a/include/types.h
+++ b/include/types.h
@@ -980,6 +980,8 @@ typedef struct hc_device_param size_t size_st_salts; size_t size_st_esalts; + char *scratch_buf; + FILE *combs_fp; pw_t *combs_buf;
@@ -1694,8 +1696,6 @@ typedef struct combinator_ctx { bool enabled; - char *scratch_buf; - char *dict1; char *dict2;
diff --git a/src/combinator.c b/src/combinator.c
index 8e9118ca5..d9b50ba0d 100644
--- a/src/combinator.c
+++ b/src/combinator.c
@@ -33,8 +33,6 @@ int combinator_ctx_init (hashcat_ctx_t *hashcat_ctx) combinator_ctx->enabled = true; - combinator_ctx->scratch_buf = (char *) hcmalloc (HCBUFSIZ_LARGE); - if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL) { if (user_options->attack_mode == ATTACK_MODE_COMBI)
@@ -337,7 +335,5 @@ void combinator_ctx_destroy (hashcat_ctx_t *hashcat_ctx) if (combinator_ctx->enabled == false) return; - hcfree (combinator_ctx->scratch_buf); - memset (combinator_ctx, 0, sizeof (combinator_ctx_t)); }
diff --git a/src/opencl.c b/src/opencl.c
index 10010a3b2..7119760cb 100644
--- a/src/opencl.c
+++ b/src/opencl.c
@@ -2228,7 +2228,7 @@ int run_cracker (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, co { if (user_options->attack_mode == ATTACK_MODE_COMBI) { - char *line_buf = combinator_ctx->scratch_buf; + char *line_buf = device_param->scratch_buf; u32 i = 0;
@@ -2345,7 +2345,7 @@ int run_cracker (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, co { if ((user_options->attack_mode == ATTACK_MODE_COMBI) || (user_options->attack_mode == ATTACK_MODE_HYBRID2)) { - char *line_buf = combinator_ctx->scratch_buf; + char *line_buf = device_param->scratch_buf; u32 i = 0;
@@ -5215,6 +5215,10 @@ int opencl_session_begin (hashcat_ctx_t *hashcat_ctx) device_param->hooks_buf = hooks_buf; + char *scratch_buf = (char *) hcmalloc (HCBUFSIZ_LARGE); + + device_param->scratch_buf = scratch_buf; + /** * kernel args */
@@ -5867,6 +5871,7 @@ void opencl_session_destroy (hashcat_ctx_t *hashcat_ctx) hcfree (device_param->pws_idx); hcfree (device_param->combs_buf); hcfree (device_param->hooks_buf); + hcfree (device_param->scratch_buf); if (device_param->d_pws_buf) hc_clReleaseMemObject (hashcat_ctx, device_param->d_pws_buf); if (device_param->d_pws_amp_buf) hc_clReleaseMemObject (hashcat_ctx, device_param->d_pws_amp_buf);
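Review bot: Both `char *line_buf = device_param->scratch_buf;` assignments in run_cracker (the hunks at -2228 and -2345) rely on a buffer whose size is fixed elsewhere, in opencl_session_begin, and nothing at the use site records that size or that the buffer is per-device. The code that fills line_buf lies outside both hunks, so its bound cannot be confirmed from here. A comment at each assignment, such as `// per-device scratch line buffer, HCBUFSIZ_LARGE bytes, allocated in opencl_session_begin`, would keep the reader's limit tied to the allocation and discourage moving the buffer back into shared state. run_cracker starts and ends outside the hunks.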
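Review bot: In the opencl_session_begin hunk (-5215) the result of `hcmalloc (HCBUFSIZ_LARGE)` is stored in `device_param->scratch_buf` without a check, and run_cracker later takes that pointer as its line buffer. hcmalloc's definition is not part of this diff; if it can return NULL rather than abort, a failed allocation would surface as a NULL write in the cracking loop, so a guard such as `if (scratch_buf == NULL) return -1;` before the assignment (or whatever error path this function already uses) would be safer. The allocation is also made regardless of attack mode, while the readers visible in this diff are gated on ATTACK_MODE_COMBI and ATTACK_MODE_HYBRID2. The enclosing function starts and ends outside the hunk.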
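Review bot: After `hcfree (device_param->scratch_buf);` in the opencl_session_destroy hunk (-5867) the pointer keeps its old value as far as this hunk shows. If the function resets the other freed device_param pointers further down, which is outside the visible lines, `device_param->scratch_buf = NULL;` should join them so that a repeated destroy, or a later session that skips this device, cannot free or reuse a stale buffer. The function body continues outside the hunk.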