1
0
mirror of https://github.com/hashcat/hashcat.git synced 2024-12-23 15:18:16 +00:00

Merge pull request #2919 from matrix/fix_24700_bof

Fixed buffer overflow in Stuffit5 module
This commit is contained in:
Jens Steube 2021-08-01 10:31:43 +02:00 committed by GitHub
commit fa2f5342a6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 5 deletions

View File

@ -16,6 +16,7 @@
- Fixed datatype in function sha384_hmac_init_vector_128() that could come into effect if vector datatype was manually set
- Fixed false negative in all VeraCrypt hash-modes if both conditions are met: 1. use CPU for cracking and 2. PIM range was used
- Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugins' signature constant
- Fixed out-of-boundary read in Stuffit5 module in hash_decode()
##
## Improvements

View File

@ -52,9 +52,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
token.token_cnt = 1;
token.len_min[0] = 10;
token.len_max[0] = 10;
token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
token.len[0] = 10;
token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
| TOKEN_ATTR_VERIFY_HEX;
const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
@ -62,9 +61,14 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
const u8 *hash_pos = token.buf[0];
const u32 hash_len = token.len[0];
digest[0] = hex_to_u32 (hash_pos + 0);
digest[1] = hex_to_u32 (hash_pos + 8);
u8 digest_tmp[16] = { 0 };
memcpy (digest_tmp, hash_pos, hash_len);
digest[0] = hex_to_u32 (digest_tmp + 0);
digest[1] = hex_to_u32 (digest_tmp + 8);
if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
{