From ab932815eaa94b5ff1c64320ba0387c096675027 Mon Sep 17 00:00:00 2001
From: jsteube
Date: Tue, 4 Jul 2023 09:40:39 +0000
Subject: [PATCH] Fixed out-of-boundary read in autotune.c when a fast hash defines a kernel_loops_min value that is higher than the actual number of amplifiers provided by the user
---
 src/backend.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/backend.c b/src/backend.c
index 3b7f20e0d..94a8ace54 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -9797,8 +9797,10 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 device_param->size_results = size_results;
- u64 size_rules = (u64) straight_ctx->kernel_rules_cnt * sizeof (kernel_rule_t);
- u64 size_rules_c = (u64) KERNEL_RULES * sizeof (kernel_rule_t);
+ u32 aligned_rules_cnt = MAX (MAX (straight_ctx->kernel_rules_cnt, device_param->kernel_loops_min), KERNEL_RULES);
+
+ u64 size_rules = (u64) aligned_rules_cnt * sizeof (kernel_rule_t);
+ u64 size_rules_c = (u64) KERNEL_RULES * sizeof (kernel_rule_t);
 device_param->size_rules = size_rules;
 device_param->size_rules_c = size_rules_c;
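Review bot: `size_rules` can now describe a buffer larger than the `straight_ctx->kernel_rules_cnt` entries that actually exist, so every later use of `device_param->size_rules` as a copy length needs rechecking; if a host-to-device copy elsewhere in `backend_session_begin` still reads `size_rules` bytes from the host-side rule array, the over-read has only moved from the device to the host. The tail between `kernel_rules_cnt` and `aligned_rules_cnt` should also be zero-filled on the device, otherwise autotune reads uninitialized memory rather than out-of-bounds memory. Neither the allocation nor the copy is visible in this hunk (the function starts and ends outside it), so both points are to be confirmed rather than established defects. A comment above the new line would help, e.g. `/* pad to kernel_loops_min and KERNEL_RULES: autotune may index rules beyond kernel_rules_cnt */`, and a name such as `min_rules_cnt` would describe the value better than `aligned_rules_cnt`, since the expression clamps to a lower bound and aligns nothing.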