Overhaul of all formats that use base64decode(). It adds a NULL

string terminator that the destination buffer must be sized for.
openwall · Nov 5, 2014 · c4574d0 · c4574d0
1 parent 2506916
commit c4574d0
Show file tree

Hide file tree

Showing 23 changed files with 17 additions and 31 deletions.
diff --git a/src/crypt-sha1_fmt_plug.c b/src/crypt-sha1_fmt_plug.c
@@ -24,7 +24,6 @@ john_register_one(&fmt_cryptsha1);
 #endif
 
 #include "arch.h"
-#include "base64.h"
 #include "sha.h"
 #include "params.h"
 #include "common.h"

diff --git a/src/cuda_pwsafe_fmt_plug.c b/src/cuda_pwsafe_fmt_plug.c
@@ -26,7 +26,6 @@ john_register_one(&fmt_cuda_pwsafe);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "memory.h"
 #include "cuda_pwsafe.h"
 #include "cuda_common.h"

diff --git a/src/django_scrypt_fmt_plug.c b/src/django_scrypt_fmt_plug.c
@@ -154,7 +154,7 @@ static void *get_salt(char *ciphertext)
 static void *get_binary(char *ciphertext)
 {
 	static union {
-		unsigned char c[BINARY_SIZE];
+		unsigned char c[BINARY_SIZE + 1];
 		ARCH_WORD dummy;
 	} buf;
 	unsigned char *out = buf.c;
@@ -276,7 +276,7 @@ struct fmt_main fmt_django_scrypt = {
 		{
 			"N",
 			"r",
-			"p" 
+			"p"
 		},
 #endif
 		scrypt_tests
@@ -293,7 +293,7 @@ struct fmt_main fmt_django_scrypt = {
 		{
 			tunable_cost_N,
 			tunable_cost_r,
-			tunable_cost_p 
+			tunable_cost_p
 		},
 #endif
 		fmt_default_source,

diff --git a/src/episerver_fmt_plug.c b/src/episerver_fmt_plug.c
@@ -90,7 +90,7 @@ static ARCH_WORD_32 (*crypt_out)[BINARY_SIZE / sizeof(ARCH_WORD_32)];
 
 static struct custom_salt {
 	int version;
-	unsigned char esalt[18]; /* base64 decoding, 24 / 4 * 3 = 18 */
+	unsigned char esalt[18 + 1]; /* base64 decoding, 24 / 4 * 3 = 18 */
 } *cur_salt;
 
 static void init(struct fmt_main *self)
@@ -164,7 +164,7 @@ static void *get_salt(char *ciphertext)
 static void *get_binary(char *ciphertext)
 {
 	static union {
-		unsigned char c[BINARY_SIZE+1];
+		unsigned char c[BINARY_SIZE + 1];
 		ARCH_WORD dummy;
 	} buf;
 	unsigned char *out = buf.c;

diff --git a/src/keepass_fmt_plug.c b/src/keepass_fmt_plug.c
@@ -27,7 +27,6 @@ john_register_one(&fmt_KeePass);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "aes/aes.h"
 #include "twofish.h"
 #ifdef _OPENMP

diff --git a/src/known_hosts_fmt_plug.c b/src/known_hosts_fmt_plug.c
@@ -60,7 +60,7 @@ static char (*saved_key)[PLAINTEXT_LENGTH + 1];
 static ARCH_WORD_32 (*crypt_out)[BINARY_SIZE / sizeof(ARCH_WORD_32)];
 
 static struct custom_salt {
-	unsigned char salt[20 + 4];
+	unsigned char salt[20 + 1 + 4];
 } *cur_salt;
 
 static void init(struct fmt_main *self)
@@ -114,7 +114,7 @@ static void *get_salt(char *ciphertext)
 static void *get_binary(char *ciphertext)
 {
 	static union {
-		unsigned char c[BINARY_SIZE + 4];
+		unsigned char c[BINARY_SIZE + 1 + 4];
 		ARCH_WORD dummy;
 	} buf;
 	unsigned char *out = buf.c;

diff --git a/src/luks_fmt_plug.c b/src/luks_fmt_plug.c
@@ -243,7 +243,7 @@ static int hash_plugin_parse_hash(char *filename, struct custom_salt *cs, int is
 	}
 
 	// can this go over 4gb?
-	cs->cipherbuf = mem_alloc_tiny(cs->afsize, MEM_ALIGN_NONE);
+	cs->cipherbuf = mem_alloc_tiny(cs->afsize + 1, MEM_ALIGN_NONE);
 	if (!cs->cipherbuf)
 		goto bad;
 	// printf(">>> %d\n", cs->afsize);
@@ -389,7 +389,7 @@ static void *get_salt(char *ciphertext)
 
 	if (is_inlined) {
 		p = strtok(NULL, "$");
-		size = (strlen(p) + 20) / 4 * 3;
+		size = (strlen(p) + 20) / 4 * 3 + 1;
 		cs.cipherbuf = mem_alloc_tiny(size, MEM_ALIGN_NONE);
 		base64_decode(p, strlen(p), (char*)cs.cipherbuf);
 	}

diff --git a/src/mysql_netauth_fmt_plug.c b/src/mysql_netauth_fmt_plug.c
@@ -22,7 +22,6 @@ john_register_one(&fmt_mysqlna);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #ifdef _OPENMP
 static int omp_t = 1;
 #include <omp.h>

diff --git a/src/nsldap_fmt_plug.c b/src/nsldap_fmt_plug.c
@@ -234,7 +234,7 @@ static int crypt_all(int *pcount, struct db_salt *salt)
 
 static void * binary(char *ciphertext)
 {
-	static char realcipher[BINARY_SIZE + 9];
+	static char realcipher[BINARY_SIZE + 1 + 9];
 
 	memset(realcipher, 0, sizeof(realcipher));
 	base64_decode(ciphertext + NSLDAP_MAGIC_LENGTH,

diff --git a/src/office_fmt_plug.c b/src/office_fmt_plug.c
@@ -24,7 +24,6 @@ john_register_one(&fmt_office);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "unicode.h"
 #include "sha.h"
 #include "sha2.h"

diff --git a/src/opencl_nsldaps_fmt_plug.c b/src/opencl_nsldaps_fmt_plug.c
@@ -235,7 +235,7 @@ static void fmt_ssha_init(struct fmt_main *self)
 
 
 static void *binary(char *ciphertext) {
-	static char realcipher[DIGEST_SIZE + SALT_SIZE + 9];
+	static char realcipher[DIGEST_SIZE + 1 + SALT_SIZE + 9];
 
 	memset(realcipher, 0, sizeof(realcipher));
 	base64_decode(NSLDAP_MAGIC_LENGTH + ciphertext, CIPHERTEXT_LENGTH,
@@ -247,7 +247,7 @@ static void *get_salt(char *ciphertext){
 	static char *realcipher;
 
 	// Cludge to be sure to satisfy the salt aligment test of 1.7.9.3 on 64-bit
-	if (!realcipher) realcipher = mem_alloc_tiny(DIGEST_SIZE + SALT_SIZE + 9 + 4, MEM_ALIGN_WORD) + 4;
+	if (!realcipher) realcipher = mem_alloc_tiny(DIGEST_SIZE + 1 + SALT_SIZE + 9 + 4, MEM_ALIGN_WORD) + 4;
 
 	memset(realcipher, 0, DIGEST_SIZE + SALT_SIZE + 9 + 4);
 

diff --git a/src/opencl_office2007_fmt_plug.c b/src/opencl_office2007_fmt_plug.c
@@ -32,7 +32,6 @@ john_register_one(&fmt_opencl_office2007);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "unicode.h"
 #include "common-opencl.h"
 #include "config.h"

diff --git a/src/opencl_office2010_fmt_plug.c b/src/opencl_office2010_fmt_plug.c
@@ -32,7 +32,6 @@ john_register_one(&fmt_opencl_office2010);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "unicode.h"
 #include "common-opencl.h"
 #include "config.h"

diff --git a/src/opencl_office2013_fmt_plug.c b/src/opencl_office2013_fmt_plug.c
@@ -31,7 +31,6 @@ john_register_one(&fmt_opencl_office2013);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "unicode.h"
 #include "common-opencl.h"
 #include "config.h"

diff --git a/src/opencl_pwsafe_fmt_plug.c b/src/opencl_pwsafe_fmt_plug.c
@@ -27,7 +27,6 @@ john_register_one(&fmt_opencl_pwsafe);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #include "common-opencl.h"
 #include "memory.h"
 

diff --git a/src/opencl_rar5_fmt_plug.c b/src/opencl_rar5_fmt_plug.c
@@ -25,7 +25,6 @@ john_register_one(&fmt_ocl_rar5);
 
 #include "misc.h"
 #include "arch.h"
-#include "base64.h"
 #include "common.h"
 #include "formats.h"
 #include "options.h"

diff --git a/src/opencl_sha1crypt_fmt_plug.c b/src/opencl_sha1crypt_fmt_plug.c
@@ -17,7 +17,6 @@ john_register_one(&fmt_ocl_cryptsha1);
 #include <string.h>
 
 #include "arch.h"
-#include "base64.h"
 #include "sha.h"
 #include "params.h"
 #include "common.h"

diff --git a/src/pbkdf2_hmac_sha256_fmt_plug.c b/src/pbkdf2_hmac_sha256_fmt_plug.c
@@ -111,7 +111,7 @@ static struct fmt_tests tests[] = {
 
 static struct custom_salt {
 	uint8_t length;
-	uint8_t salt[MAX_SALT_SIZE];
+	uint8_t salt[MAX_SALT_SIZE + 1];
 	uint32_t rounds;
 } *cur_salt;
 

diff --git a/src/pwsafe_fmt_plug.c b/src/pwsafe_fmt_plug.c
@@ -28,7 +28,6 @@ john_register_one(&fmt_pwsafe);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #ifdef _OPENMP
 static int omp_t = 1;
 #include <omp.h>

diff --git a/src/salted_sha1_fmt_plug.c b/src/salted_sha1_fmt_plug.c
@@ -49,7 +49,7 @@ john_register_one(&fmt_saltedsha);
 #define SALT_SIZE			(MAX_SALT_LEN + sizeof(unsigned int))
 #define SALT_ALIGN			4
 
-#define CIPHERTEXT_LENGTH		((BINARY_SIZE + MAX_SALT_LEN + 2) / 3 * 4)
+#define CIPHERTEXT_LENGTH		((BINARY_SIZE + 1 + MAX_SALT_LEN + 2) / 3 * 4)
 
 #ifdef MMX_COEF
 #define MIN_KEYS_PER_CRYPT		NBKEYS
@@ -124,7 +124,7 @@ static SHA_CTX ctx;
 static void * binary(char *ciphertext) {
 	static char *realcipher;
 
-	if (!realcipher) realcipher = mem_alloc_tiny(BINARY_SIZE + SALT_SIZE, MEM_ALIGN_WORD);
+	if (!realcipher) realcipher = mem_alloc_tiny(BINARY_SIZE + 1 + SALT_SIZE, MEM_ALIGN_WORD);
 
 	ciphertext += NSLDAP_MAGIC_LENGTH;
 	memset(realcipher, 0, BINARY_SIZE);

diff --git a/src/ssha512_fmt_plug.c b/src/ssha512_fmt_plug.c
@@ -45,7 +45,7 @@ john_register_one(&fmt_saltedsha2);
 #define SALT_SIZE                       (MAX_SALT_LEN + sizeof(unsigned int))
 #define SALT_ALIGN                      4
 
-#define CIPHERTEXT_LENGTH               ((BINARY_SIZE + MAX_SALT_LEN + 2) / 3 * 4)
+#define CIPHERTEXT_LENGTH               ((BINARY_SIZE + 1 + MAX_SALT_LEN + 2) / 3 * 4)
 
 #define MIN_KEYS_PER_CRYPT              1
 #define MAX_KEYS_PER_CRYPT              1
@@ -95,7 +95,7 @@ static void init(struct fmt_main *self)
 static void * binary(char *ciphertext) {
 	static char *realcipher;
 
-	if (!realcipher) realcipher = mem_alloc_tiny(BINARY_SIZE + SALT_SIZE, MEM_ALIGN_WORD);
+	if (!realcipher) realcipher = mem_alloc_tiny(BINARY_SIZE + 1 + SALT_SIZE, MEM_ALIGN_WORD);
 
 	ciphertext += NSLDAP_MAGIC_LENGTH;
 	memset(realcipher, 0, BINARY_SIZE);

diff --git a/src/unused/bwtdt_fmt_plug.c b/src/unused/bwtdt_fmt_plug.c
@@ -35,7 +35,6 @@ john_register_one(&fmt_zzz_bwtdt);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #ifdef _OPENMP
 #include <omp.h>
 #define OMP_SCALE               8 // XXX

diff --git a/src/wbb3_fmt_plug.c b/src/wbb3_fmt_plug.c
@@ -34,7 +34,6 @@ john_register_one(&fmt_wbb3);
 #include "formats.h"
 #include "params.h"
 #include "options.h"
-#include "base64.h"
 #ifdef _OPENMP
 #include <omp.h>
 #define OMP_SCALE               8 // tuned on core i7