arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2025-06-04 23:28:48 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2918 from matrix/fix_15900_bof

Browse Source 
Fixed multiple buffer overflow in DPAPI masterkey file v2 module
This commit is contained in:
Jens Steube 2021-08-03 08:42:49 +02:00 committed by GitHub
commit fbcd7bebe9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/changes.txt
View File

@ -15,6 +15,7 @@
- Fixed autotune unitialized tmps variable for slow hashes by calling _init kernel before calling _loop kernel - Fixed autotune unitialized tmps variable for slow hashes by calling _init kernel before calling _loop kernel
- Fixed datatype in function sha384_hmac_init_vector_128() that could come into effect if vector datatype was manually set - Fixed datatype in function sha384_hmac_init_vector_128() that could come into effect if vector datatype was manually set
- Fixed false negative in all VeraCrypt hash-modes if both conditions are met: 1. use CPU for cracking and 2. PIM range was used - Fixed false negative in all VeraCrypt hash-modes if both conditions are met: 1. use CPU for cracking and 2. PIM range was used
- Fixed multiple buffer overflow in DPAPI masterkey file v2 module
- Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugins' signature constant - Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugins' signature constant
- Fixed out-of-boundary read in Stuffit5 module in hash_decode() - Fixed out-of-boundary read in Stuffit5 module in hash_decode()

6
src/modules/module_15900.c
View File

@ -212,9 +212,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
dpapimk->context = hc_strtoul ((const char *) context_pos, NULL, 10); dpapimk->context = hc_strtoul ((const char *) context_pos, NULL, 10);
// division by 4 should be fine because contents_len is either 208 or 288 for (u32 i = 0; i < dpapimk->contents_len / 8; i++)
for (u32 i = 0; i < dpapimk->contents_len / 4; i++)
{ {
dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]); dpapimk->contents[i] = hex_to_u32 ((const u8 *) &contents_pos[i * 8]);
@ -303,7 +301,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
SID_tmp = (u8 *) hcmalloc ((SID_len + 1) * sizeof (u8)); SID_tmp = (u8 *) hcmalloc ((SID_len + 1) * sizeof (u8));
for (u32 i = 0; i < (SID_len / 4) + 1; i++) for (u32 i = 0; i < (SID_len / 4); i++)
{ {
u8 hex[8] = { 0 }; u8 hex[8] = { 0 };