Fixed buffer overflow in mp_add_cs_buf() function

2024-11-02 20:39:22 +01:00 · 2020-02-19 18:50:50 +01:00 · 2020-02-19 18:50:50 +01:00 · 189bbb2661
commit 189bbb2661
parent 9957422191
2 changed files with 8 additions and 0 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -73,6 +73,7 @@
 ##

 - Fixed buffer overflow in build_plain() function
+- Fixed buffer overflow in mp_add_cs_buf() function
 - Fixed copy/paste error leading to invalid "Integer overflow detected in keyspace of mask" in attack-mode 6 and 7
 - Fixed cracking multiple Office hashes (modes 9500, 9600) with the same salt
 - Fixed cracking of Blockchain, My Wallet (V1 and V2) hashes with unexpected decrypted data
--- a/src/mpsp.c
+++ b/src/mpsp.c
@ -217,6 +217,13 @@ static int mp_add_cs_buf (hashcat_ctx_t *hashcat_ctx, const u32 *in_buf, size_t
 {
  const hashconfig_t *hashconfig = hashcat_ctx->hashconfig;

+  if (css_cnt == 256)
+  {
+    event_log_error (hashcat_ctx, "Invalid mask length.");
+
+    return -1;
+  }
+
  cs_t *cs = &css[css_cnt];

  size_t css_uniq_sz = CHARSIZ * sizeof (u32);