Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256

5 years ago · a0284b8378
parent b197610811
commit a0284b8378
4 changed files with 23 additions and 8 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -67,6 +67,7 @@
 - Fixed incorrect progress-only result in a special race condition
 - Fixed invalid call of mp_css_utf16le_expand()/mp_css_utf16be_expand() in a slow-candidate session
 - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character
+- Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256
 - Fixed maximum password length limit which was announced as 256 but actually was 255
 - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position
 - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter
--- a/src/dispatch.c
+++ b/src/dispatch.c
@ -1390,8 +1390,6 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
          {
            get_next_word (hashcat_ctx_tmp, &fp, &line_buf, &line_len);

-            line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
            // post-process rule engine

            if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
--- a/src/slow_candidates.c
+++ b/src/slow_candidates.c
@ -125,6 +125,8 @@ void slow_candidates_seek (hashcat_ctx_t *hashcat_ctx, void *extra_info, const u
      {
        line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);

+        line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
+
        // post-process rule engine

        if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
@ -180,8 +182,6 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)

        get_next_word (hashcat_ctx, fp, &line_buf, &line_len);

-        line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
        // post-process rule engine

        char rule_buf_out[RP_PASSWORD_SIZE];
@ -250,21 +250,22 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
      {
        get_next_word (hashcat_ctx, base_fp, &line_buf, &line_len);

-        line_len = (u32) convert_from_hex (hashcat_ctx, line_buf, line_len);
-
        // post-process rule engine

+        char rule_buf_out[RP_PASSWORD_SIZE];
+
        if (run_rule_engine ((int) user_options_extra->rule_len_l, user_options->rule_buf_l))
        {
          if (line_len >= RP_PASSWORD_SIZE) continue;

-          char rule_buf_out[RP_PASSWORD_SIZE];
-
          memset (rule_buf_out, 0, sizeof (rule_buf_out));

          const int rule_len_out = _old_apply_rule (user_options->rule_buf_l, (int) user_options_extra->rule_len_l, line_buf, (int) line_len, rule_buf_out);

          if (rule_len_out < 0) continue;
+
+          line_buf = rule_buf_out;
+          line_len = (u32) rule_len_out;
        }

        break;
@ -288,6 +289,8 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
    {
      line_len = (u32) fgetl (combs_fp, line_buf, HCBUFSIZ_LARGE);

+      line_len = convert_from_hex (hashcat_ctx, line_buf, line_len);
+
      // post-process rule engine

      if (run_rule_engine ((int) user_options_extra->rule_len_r, user_options->rule_buf_r))
--- a/src/wordlist.c
+++ b/src/wordlist.c
@ -187,7 +187,13 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32

    wl_data->pos += off;

+    // do the on-the-fly hex decode using original buffer
+    // this is safe as length only decreases in size
+
+    len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
+
    // do the on-the-fly encoding
+    // needs to write into new buffer because size case both decrease and increase

    if (wl_data->iconv_enabled == true)
    {
@ -204,6 +210,8 @@ void get_next_word (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, char **out_buf, u32
      len = HCBUFSIZ_TINY - iconv_sz;
    }

+    // this is only a test for length, not writing into output buffer
+
    if (run_rule_engine (user_options_extra->rule_len_l, user_options->rule_buf_l))
    {
      if (len >= RP_PASSWORD_SIZE) continue;
@ -444,6 +452,11 @@ int count_words (hashcat_ctx_t *hashcat_ctx, HCFILE *fp, const char *dictfile, u

      i += off;

+      // do the on-the-fly hex decode using original buffer
+      // this is safe as length only decreases in size
+
+      len = (u32) convert_from_hex (hashcat_ctx, ptr, len);
+
      // do the on-the-fly encoding

      if (wl_data->iconv_enabled == true)