From 6940f11b15027d8afe802df6eddae47b34549277 Mon Sep 17 00:00:00 2001
From: Gabriele Gristina
Date: Thu, 11 Jul 2019 17:56:34 +0200
Subject: [PATCH] fix buffer overflow in build_plain()
---
 src/hashes.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/hashes.c b/src/hashes.c
index 1b8f4591a..e9e0a3e7e 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -330,18 +330,22 @@ void check_hash (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param, pl
 // plain
- u32 plain_buf[64] = { 0 };
+ u8 plain_buf[256+1];
- u8 *plain_ptr = (u8 *) plain_buf;
+ memset (plain_buf, 0, sizeof (plain_buf));
+
+ u8 *plain_ptr = plain_buf;
 int plain_len = 0;
- build_plain (hashcat_ctx, device_param, plain, plain_buf, &plain_len);
+ build_plain (hashcat_ctx, device_param, plain, (u32 *)plain_buf, &plain_len);
 if (module_ctx->module_build_plain_postprocess != MODULE_DEFAULT)
 {
- u32 temp_buf[64] = { 0 };
+ u8 temp_buf[256+1] = { 0 };
- const int temp_len = module_ctx->module_build_plain_postprocess (hashcat_ctx->hashconfig, hashcat_ctx->hashes, tmps, plain_buf, sizeof (plain_buf), plain_len, temp_buf, sizeof (temp_buf));
+ memset (temp_buf, 0, sizeof (temp_buf));
+
+ const int temp_len = module_ctx->module_build_plain_postprocess (hashcat_ctx->hashconfig, hashcat_ctx->hashes, tmps, (u32 *)plain_buf, sizeof (plain_buf), plain_len, (u32 *)temp_buf, sizeof (temp_buf));
 if (temp_len < (int) sizeof (plain_buf))
 {
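Review bot: The `(u32 *)` casts on `plain_buf` and `temp_buf` pass `build_plain()` and `module_build_plain_postprocess()` a `u8[256+1]` array that is only guaranteed byte alignment and whose 257-byte size is not a multiple of four. If either callee stores whole 32-bit words (their bodies are outside this hunk), a store covering byte 256 would still write three bytes past the end, and the access is misaligned on strict targets. Keeping the word type and growing it by one element avoids both, e.g. `u32 plain_buf[64 + 1] = { 0 };` with `u8 *plain_ptr = (u8 *) plain_buf;` as before, and the same for `temp_buf`. `build_plain()` still takes no buffer size, so the bound depends on the caller's array matching the callee's maximum; passing `sizeof (plain_buf)` as `module_build_plain_postprocess()` already receives would make that checkable. The `= { 0 }` initializer kept on `temp_buf` also makes the `memset` after it redundant.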