From ec0d1309fe228b2d4ae184fe5a501532c72632a9 Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 12 May 2021 00:17:41 +0200
Subject: [PATCH] Avoid large buffer allocation on stack in -m 23700 and -m 23800 - it crashes on macOS
---
 src/modules/module_23700.c | 9 +++++++--
 src/modules/module_23800.c | 8 ++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/modules/module_23700.c b/src/modules/module_23700.c
index 3d099888c..c315214ca 100644
--- a/src/modules/module_23700.c
+++ b/src/modules/module_23700.c
@@ -9,6 +9,7 @@
 #include "bitops.h"
 #include "convert.h"
 #include "shared.h"
+#include "memory.h"
 static const u32 ATTACK_EXEC = ATTACK_EXEC_OUTSIDE_KERNEL;
 static const u32 DGST_POS0 = 0;
@@ -294,10 +295,10 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 const u32 *digest = (const u32 *) digest_buf;
 const rar3_t *rar3 = (const rar3_t *) esalt_buf;
- u8 data[655360] = { 0 };
-
 const u32 data_len = rar3->pack_size;
+ u8 *data = (u8 *) hcmalloc ((data_len * 2) + 1);
+
 // like hex encode, but swapped:
 // hex_encode ((const u8 *) rar3->data, rar3->pack_size, data);
@@ -308,6 +309,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 u32_to_hex (d, data + j);
 }
+ data[data_len * 2] = 0;
+
 const int line_len = snprintf (line_buf, line_size, "%s*1*%08x%08x*%08x*%u*%u*1*%s*30",
 SIGNATURE_RAR3,
 byte_swap_32 (salt->salt_buf[0]),
@@ -317,6 +320,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 rar3->unpack_size,
 data);
+ hcfree (data);
+
 return line_len;
 }
diff --git a/src/modules/module_23800.c b/src/modules/module_23800.c
index d9589db6d..9b0a6eb2d 100644
--- a/src/modules/module_23800.c
+++ b/src/modules/module_23800.c
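Review bot: The buffer returned by `hcmalloc ((data_len * 2) + 1)` in the second hunk is written by the encode loop and by `data[data_len * 2] = 0` without a NULL check, and the size is computed in `u32`, so it would wrap if `pack_size` ever reached 0x80000000. The removed 655360-byte array suggests `pack_size` is capped where the hash is parsed, but that check is outside this patch, so it is worth making the size arithmetic safe on its own. I would compute the size as `(size_t) data_len * 2 + 1` and return early when the result is NULL; the correct failure value depends on callers not shown here. The identical allocation in module_23800.c has the same two gaps. `module_hash_encode` begins and ends outside these hunks.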
@@ -579,12 +579,14 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 rar3_hook_salt_t *rar3_hook_salt = (rar3_hook_salt_t *) hook_salt_buf;
- u8 data[655360] = { 0 };
-
 const u32 data_len = rar3_hook_salt->pack_size;
+ u8 *data = (u8 *) hcmalloc ((data_len * 2) + 1);
+
 hex_encode ((const u8 *) rar3_hook_salt->data, data_len, data);
+ data[data_len * 2] = 0;
+
 const int line_len = snprintf (line_buf, line_size, "%s*1*%08x%08x*%08x*%u*%u*1*%s*%i",
 SIGNATURE_RAR3,
 byte_swap_32 (salt->salt_buf[0]),
@@ -595,6 +597,8 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 data,
 rar3_hook_salt->method);
+ hcfree (data);
+
 return line_len;
 }
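Review bot: `line_len` is returned directly from `snprintf`, which on truncation reports the length it would have written, not the length actually stored in `line_buf`; nothing in this function relates the `2 * pack_size` hex string to `line_size`. If callers treat the return value as the number of valid bytes in `line_buf` (they are not shown here), a truncated line could be over-read or emitted incomplete. A guard after `hcfree (data)`, for example `if (line_len < 0 || line_len >= line_size)` followed by an error return, would make the failure explicit; the type of `line_size` and the expected error value are outside these hunks. The `snprintf` call in module_23700.c follows the same pattern.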