From 5d9d3c7eb732c02f9a1928891cfa237c3d8696e4 Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Sun, 13 Mar 2022 14:25:09 +0100
Subject: [PATCH 1/2] sanity check for u32 cast for combs_cnt, bfs_cnt

---
 src/backend.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/backend.c b/src/backend.c
index 24cdf6462..9e282879e 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -3595,6 +3595,17 @@ int run_cracker (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, co
 }
 else
 {
+ // sanity check: do NOT cast to an u32 integer type without checking that it is safe (upper bits must NOT be set)
+
+ if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
+ {
+ if (combinator_ctx->combs_cnt >> 32) != 0) return -1;
+ }
+ else if (user_options_extra->attack_kern == ATTACK_KERN_BF)
+ {
+ if (mask_ctx->bfs_cnt >> 32) != 0) return -1;
+ }
+
 if (hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL) innerloop_step = device_param->kernel_loops;
 else innerloop_step = 1;

From b51f536ac5fad04e0fdc9eb8f70b090d2572a6b8 Mon Sep 17 00:00:00 2001
From: philsmd <921533+philsmd@users.noreply.github.com>
Date: Sun, 13 Mar 2022 14:41:34 +0100
Subject: [PATCH 2/2] sanity check for u32 cast for combs_cnt, bfs_cnt

---
 src/backend.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/backend.c b/src/backend.c
index 9e282879e..53d38ee12 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -3599,11 +3599,11 @@ int run_cracker (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, co

 if (user_options_extra->attack_kern == ATTACK_KERN_COMBI)
 {
- if (combinator_ctx->combs_cnt >> 32) != 0) return -1;
+ if ((combinator_ctx->combs_cnt >> 32) != 0) return -1;
 }
 else if (user_options_extra->attack_kern == ATTACK_KERN_BF)
 {
- if (mask_ctx->bfs_cnt >> 32) != 0) return -1;
+ if ((mask_ctx->bfs_cnt >> 32) != 0) return -1;
 }

 if (hashconfig->attack_exec == ATTACK_EXEC_INSIDE_KERNEL) innerloop_step = device_param->kernel_loops;
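Review bot: Both guards added in the first hunk (the `combs_cnt >> 32` test under ATTACK_KERN_COMBI and the `bfs_cnt >> 32` test under ATTACK_KERN_BF) fail with a bare `return -1`, so a run whose counter does not fit in 32 bits stops without saying which value was rejected or why. Failing closed is the right choice over a silent truncation, but I would log before returning, for example `event_log_error (hashcat_ctx, "combs_cnt does not fit into u32, refusing to truncate");` and the matching line for `bfs_cnt`, assuming the project's usual error helper is usable at this point. The u32 cast that the new comment refers to lies outside the hunk, so it cannot be confirmed from here that every cast site is reached only after this check; keeping the guard directly beside the cast, or in one small helper that checks and converts, would stop a later code path from truncating unnoticed. run_cracker's body begins and ends outside the hunk.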