From a74cbe3461fea425f73a0fa4de8726ebb39fb920 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Mon, 10 Feb 2020 16:32:34 +0100
Subject: [PATCH] Fixed out-of-boundary read in pure kernel rule engine rule 'p' if parameter is set to 2 or higher
---
OpenCL/inc_rp.cl | 12 +++++++++++-
docs/changes.txt | 1 +
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/OpenCL/inc_rp.cl b/OpenCL/inc_rp.cl
index 80abaf1ee..5790c1a33 100644
--- a/OpenCL/inc_rp.cl
+++ b/OpenCL/inc_rp.cl
@@ -300,7 +300,17 @@ DECLSPEC int mangle_dupeword_times (MAYBE_UNUSED const u8 p0, MAYBE_UNUSED const
 u8 *out = buf + len;
- for (int t = 0; t < p0; t++) for (int i = 0; i < len; i++) *out++ = *buf++;
+ int out_pos = len;
+
+ for (int t = 0; t < p0; t++)
+ {
+ for (int i = 0; i < len; i++)
+ {
+ out[out_pos] = buf[i];
+
+ out_pos++;
+ }
+ }
 return (out_len);
 }
diff --git a/docs/changes.txt b/docs/changes.txt
index 75c5a0524..183b48bb8 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -85,6 +85,7 @@
 - Fixed invalid password truncation in attack-mode 1 if final password is longer than 32 character
 - Fixed invalid use of --hex-wordlist if encoded wordlist string is larger than length 256
 - Fixed maximum password length limit which was announced as 256 but actually was 255
+- Fixed out-of-boundary read in pure kernel rule engine rule 'p' if parameter is set to 2 or higher
 - Fixed output of IKE PSK (mode 5300 and 5400) hashes to have separators at right position
 - Fixed output password of "e" rule in pure and cpu rule engine if separator character is also the first letter
 - Fixed problem with the usage of the hexadecimal notations (\x00-\xff) within rules
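Review bot: The new write index is offset by `len` twice: `out` already points at `buf + len` (the unchanged context line above the change) and `out_pos` also starts at `len`, so the first duplicated byte lands at `buf[2*len]`, the bytes in `buf[len..2*len)` keep whatever was in the buffer before, and the final write reaches `buf[(p0 + 2) * len - 1]` — `len` bytes beyond the `(len * p0) + len` extent a dupe-word would occupy, which turns the out-of-bounds read this commit fixes into an out-of-bounds write for every p0 >= 1. Start the index at the copy position instead, `int out_pos = 0;`, or drop `out` and write `buf[out_pos] = buf[i];` with `out_pos` starting at `len`. Reading `buf[i]` rather than advancing `buf` is the part that actually fixes the over-read and is correct as written. mangle_dupeword_times begins before this hunk, so the length guard and the value returned in `out_len` cannot be confirmed here; if `out_len` is `(len * p0) + len`, the returned length would otherwise not correspond to the bytes the loop wrote.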