From a82f6fb77c82ae3805c80f363d2a1bc66db99f7e Mon Sep 17 00:00:00 2001
From: philsmd <philsmd@hashcat.net>
Date: Tue, 14 Feb 2017 19:48:07 +0100
Subject: [PATCH 1/2] our usage of strtok_r () was not totally correct (but
 almost)

---
 src/affinity.c  | 2 +-
 src/interface.c | 6 +++---
 src/opencl.c    | 6 +++---
 src/tuningdb.c  | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/affinity.c b/src/affinity.c
index 158e1d80b..fc6215548 100644
--- a/src/affinity.c
+++ b/src/affinity.c
@@ -63,7 +63,7 @@ int set_cpu_affinity (MAYBE_UNUSED hashcat_ctx_t *hashcat_ctx)
 
   char *devices = hcstrdup (user_options->cpu_affinity);
 
-  char *saveptr = NULL;
+  char *saveptr;
 
   char *next = strtok_r (devices, ",", &saveptr);
 
diff --git a/src/interface.c b/src/interface.c
index ff00b4996..3e2dd6a8c 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -5112,7 +5112,7 @@ int ikepsk_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
 
   size_t in_len[9] = { 0 };
 
-  char *saveptr = NULL;
+  char *saveptr;
 
   in_off[0] = (u8 *) strtok_r ((char *) input_buf, ":", &saveptr);
 
@@ -5198,7 +5198,7 @@ int ikepsk_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYB
 
   size_t in_len[9] = { 0 };
 
-  char *saveptr = NULL;
+  char *saveptr;
 
   in_off[0] = (u8 *) strtok_r ((char *) input_buf, ":", &saveptr);
 
@@ -22507,7 +22507,7 @@ int hashconfig_general_defaults (hashcat_ctx_t *hashcat_ctx)
 
     char *keyfiles = hcstrdup (tcvc_keyfiles);
 
-    char *saveptr = NULL;
+    char *saveptr;
 
     char *keyfile = strtok_r (keyfiles, ",", &saveptr);
 
diff --git a/src/opencl.c b/src/opencl.c
index 57327f9c1..bd79b3e4a 100644
--- a/src/opencl.c
+++ b/src/opencl.c
@@ -180,7 +180,7 @@ static int setup_opencl_platforms_filter (hashcat_ctx_t *hashcat_ctx, const char
   {
     char *platforms = hcstrdup (opencl_platforms);
 
-    char *saveptr = NULL;
+    char *saveptr;
 
     char *next = strtok_r (platforms, ",", &saveptr);
 
@@ -221,7 +221,7 @@ static int setup_devices_filter (hashcat_ctx_t *hashcat_ctx, const char *opencl_
   {
     char *devices = hcstrdup (opencl_devices);
 
-    char *saveptr = NULL;
+    char *saveptr;
 
     char *next = strtok_r (devices, ",", &saveptr);
 
@@ -262,7 +262,7 @@ static int setup_device_types_filter (hashcat_ctx_t *hashcat_ctx, const char *op
   {
     char *device_types = hcstrdup (opencl_device_types);
 
-    char *saveptr = NULL;
+    char *saveptr;
 
     char *next = strtok_r (device_types, ",", &saveptr);
 
diff --git a/src/tuningdb.c b/src/tuningdb.c
index 285c64a12..de56ca3fd 100644
--- a/src/tuningdb.c
+++ b/src/tuningdb.c
@@ -119,7 +119,7 @@ int tuning_db_init (hashcat_ctx_t *hashcat_ctx)
 
     int token_cnt = 0;
 
-    char *saveptr = NULL;
+    char *saveptr;
 
     char *next = strtok_r (line_buf, "\t ", &saveptr);
 

From 12047861c54dbf27c9425a515847cfbabacee166 Mon Sep 17 00:00:00 2001
From: philsmd <philsmd@hashcat.net>
Date: Tue, 14 Feb 2017 20:07:49 +0100
Subject: [PATCH 2/2] also double-check input/output of strtok_r ()

---
 src/interface.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/interface.c b/src/interface.c
index 3e2dd6a8c..799305f9d 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -5114,6 +5114,8 @@ int ikepsk_md5_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE
 
   char *saveptr;
 
+  if (input_buf == NULL) return (PARSER_HASH_VALUE);
+
   in_off[0] = (u8 *) strtok_r ((char *) input_buf, ":", &saveptr);
 
   if (in_off[0] == NULL) return (PARSER_SEPARATOR_UNMATCHED);
@@ -5200,6 +5202,8 @@ int ikepsk_sha1_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYB
 
   char *saveptr;
 
+  if (input_buf == NULL) return (PARSER_HASH_VALUE);
+
   in_off[0] = (u8 *) strtok_r ((char *) input_buf, ":", &saveptr);
 
   if (in_off[0] == NULL) return (PARSER_SEPARATOR_UNMATCHED);
@@ -22511,6 +22515,13 @@ int hashconfig_general_defaults (hashcat_ctx_t *hashcat_ctx)
 
     char *keyfile = strtok_r (keyfiles, ",", &saveptr);
 
+    if (keyfile == NULL)
+    {
+      free (keyfiles);
+
+      return -1;
+    }
+
     do
     {
       const int rc_crc32 = cpu_crc32 (hashcat_ctx, keyfile, (u8 *) keyfile_buf);