arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2025-07-04 05:42:35 +00:00
Code Issues Releases Wiki Activity

Merge pull request #4101 from matrix/pkzip_stack-buffer-overflow

Browse Source 
Fixed stack buffer overflow in PKZIP modules (17200, 17210, 17220, 17225, 17230)
This commit is contained in:
Jens Steube 2025-06-13 12:59:46 +02:00 committed by GitHub
commit fc7b1c5e16
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 36 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/changes.txt
View File

@ -105,6 +105,7 @@
- Fixed minimum password length in module of hash-mode 28200
- Fixed minimum password length in module of hash-mode 29800
- Fixed out-of-boundary read when a fast hash defines a kernel_loops_min value higher than the amplifiers provided by the user
- Fixed stack buffer overflow in PKZIP modules (17200, 17210, 17220, 17225, 17230)
- Fixed vector datatypes usage for HIP
- Fix missing check for -j and -k before writing hashcat.dictstat2 which can lead to false negatives
- Handle signed/unsigned PDF permission P value for all PDF hash-modes

9
src/modules/module_17200.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -218,9 +219,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -330,6 +333,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[2] = 0;
digest[3] = 0;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17210.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -186,9 +187,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -297,6 +300,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
digest[2] = 0;
digest[3] = 0;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17220.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -218,9 +219,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -326,6 +329,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17225.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -219,9 +220,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -327,6 +330,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}

9
src/modules/module_17230.c
View File

@ -91,6 +91,7 @@ Related publication: https://scitepress.org/PublicationsDetail.aspx?ID=KLPzPqStp
#include "bitops.h"
#include "convert.h"
#include "shared.h"
#include "memory.h"
static const u32 ATTACK_EXEC = ATTACK_EXEC_INSIDE_KERNEL;
static const u32 DGST_POS0 = 0;
@ -199,9 +200,11 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
u32 *digest = (u32 *) digest_buf;
char input[line_len + 1];
char *input = (char *) hcmalloc (line_len + 1);
if (!input) return PARSER_HAVE_ERRNO;
memcpy (input, line_buf, line_len);
input[line_len] = '\0';
memcpy (&input, line_buf, line_len);
char *saveptr = NULL;
@ -308,6 +311,8 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
salt->salt_len = pkzip->hash_count << 2;
hcfree (input);
return (PARSER_OK);
}