From 4869e2a9d11e9d82768cdccb7357850891833acf Mon Sep 17 00:00:00 2001
From: Gabriele Gristina
Date: Sat, 31 Jul 2021 15:52:44 +0200
Subject: [PATCH] Fixed buffer overflow in Stuffit5 module
---
 docs/changes.txt | 1 +
 src/modules/module_24700.c | 14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index 1ab36e2df..78cb1f98c 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -14,6 +14,7 @@
 - Fixed autotune unitialized tmps variable for slow hashes by calling _init kernel before calling _loop kernel
 - Fixed datatype in function sha384_hmac_init_vector_128() that could come into effect if vector datatype was manually set
 - Fixed false negative in all VeraCrypt hash-modes if both conditions are met: 1. use CPU for cracking and 2. PIM range was used
+- Fixed buffer overflow in Stuffit5 module
 ##
 ## Improvements
diff --git a/src/modules/module_24700.c b/src/modules/module_24700.c
index 04163dc37..e50df1c2f 100644
--- a/src/modules/module_24700.c
+++ b/src/modules/module_24700.c
@@ -52,9 +52,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 token.token_cnt = 1;
- token.len_min[0] = 10;
- token.len_max[0] = 10;
- token.attr[0] = TOKEN_ATTR_VERIFY_LENGTH
+ token.len[0] = 10;
+ token.attr[0] = TOKEN_ATTR_FIXED_LENGTH
 | TOKEN_ATTR_VERIFY_HEX;
 const int rc_tokenizer = input_tokenizer ((const u8 *) line_buf, line_len, &token);
@@ -62,9 +61,14 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 if (rc_tokenizer != PARSER_OK) return (rc_tokenizer);
 const u8 *hash_pos = token.buf[0];
+ const u32 hash_len = token.len[0];
- digest[0] = hex_to_u32 (hash_pos + 0);
- digest[1] = hex_to_u32 (hash_pos + 8);
+ u8 digest_tmp[16] = { 0 };
+
+ memcpy (digest_tmp, hash_pos, hash_len);
+
+ digest[0] = hex_to_u32 (digest_tmp + 0);
+ digest[1] = hex_to_u32 (digest_tmp + 8);
 if (hashconfig->opti_type & OPTI_TYPE_OPTIMIZED_KERNEL)
 {
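Review bot: The `10` in `token.len[0] = 10;` now doubles as the byte count of a copy made further down in module_hash_decode, but nothing in this hunk says so. Put a comment above the assignment, for example `// exactly 10 hex chars; this length also sizes the copy into digest_tmp below`, or give the value a name so the later 16-byte buffer can be checked against it. With `TOKEN_ATTR_FIXED_LENGTH` the tokenizer presumably rejects any other input length, which is what the fix relies on; that should be confirmed against input_tokenizer, which is not shown here. The function body starts and ends outside the hunk.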
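Review bot: `memcpy (digest_tmp, hash_pos, hash_len);` carries no bound of its own, so its safety depends entirely on the tokenizer setup earlier in module_hash_decode keeping `token.len[0]` at 10. If that setup is ever loosened, what appears to have been a read past the token becomes a write past a 16-byte stack buffer. A guard before the copy keeps the invariant local: `if (hash_len > sizeof (digest_tmp)) return (PARSER_HASH_LENGTH);`. The second `hex_to_u32` call now parses two hex characters followed by six zero bytes of padding, which presumably decode as zero nibbles; a short comment saying so would help the next reader. The function continues outside the hunk.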