From: Jens Steube
Date: Tue, 23 Feb 2016 09:36:43 +0000 (+0100)
Subject: Evil Bug: Because of not-zeroing a buffer it's possible a hash was cracked but not...
X-Git-Tag: v3.00-beta~240
X-Git-Url: https://www.flypig.org.uk/git/?a=commitdiff_plain;h=efad2bafac86469ad03c47b24572b1c6b5b52911;p=hashcat.git

Evil Bug: Because of not-zeroing a buffer it's possible a hash was cracked but not reported as cracked because it was not in scope, but when it was in scope it was already marked as cracked and therefore not reported
---
diff --git a/include/types.h b/include/types.h
index 9092ef1..6d65913 100644
--- a/include/types.h
+++ b/include/types.h
@@ -879,6 +879,10 @@ struct __hc_device_param
 uint size_pws;
 uint size_tmps;
 uint size_hooks;
+ uint size_bfs;
+ uint size_combs;
+ uint size_rules;
+ uint size_rules_c;
 uint size_root_css;
 uint size_markov_css;
 uint size_digests;
diff --git a/src/oclHashcat.c b/src/oclHashcat.c
index bdfb65d..8f8b07e 100644
--- a/src/oclHashcat.c
+++ b/src/oclHashcat.c
@@ -4495,7 +4495,14 @@ static void *thread_calc_stdin (void *p)
 device_param->pws_cnt = 0;
- memset (device_param->pws_buf, 0, device_param->size_pws);
+ if (attack_kern == ATTACK_KERN_STRAIGHT)
+ {
+ run_kernel_bzero (device_param, device_param->d_rules_c, device_param->size_rules_c);
+ }
+ else if (attack_kern == ATTACK_KERN_COMBI)
+ {
+ run_kernel_bzero (device_param, device_param->d_combs_c, device_param->size_combs);
+ }
 }
 }
@@ -4538,6 +4545,8 @@ static void *thread_calc (void *p)
 run_cracker (device_param, pws_cnt);
 device_param->pws_cnt = 0;
+
+ run_kernel_bzero (device_param, device_param->d_bfs_c, device_param->size_bfs);
 }
 if (data.devices_status == STATUS_STOP_AT_CHECKPOINT) check_checkpoint ();
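Review bot: In the `@@ -4495` hunk of thread_calc_stdin, `d_combs_c` is cleared with `size_combs` while `d_rules_c` has its own `size_rules_c`, and the allocations that would justify this pairing are not visible in the diff. If `d_combs_c` is allocated with a different length, the bzero either leaves stale entries behind (the bug this commit targets) or writes past the device buffer; once confirmed, a comment at the call such as `/* d_combs_c is allocated with size_combs */` would pin it. The same question applies to `d_bfs_c`/`size_bfs` in the `@@ -4538` hunk and to the identical block in the `@@ -4756` hunk. The host-side `memset (device_param->pws_buf, ...)` is dropped without a replacement, so it is worth confirming that nothing reads `pws_buf` entries beyond `pws_cnt`. The function body starts and ends outside the hunk.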
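Review bot: The `run_kernel_bzero (device_param, device_param->d_bfs_c, device_param->size_bfs);` added in the `@@ -4538` hunk of thread_calc runs with no `attack_kern` test, unlike the two sibling sites that branch on ATTACK_KERN_STRAIGHT and ATTACK_KERN_COMBI. The enclosing branch opens outside the hunk, so this may already be a path that only one attack kernel reaches; if that is the case, a comment on the call should say so, for example `/* reset d_bfs_c between runs so leftover candidates are not evaluated again */` (wording to be confirmed by the author). Without that comment a reader cannot tell whether the missing guard is deliberate.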
@@ -4756,7 +4765,14 @@ static void *thread_calc (void *p)
 device_param->pws_cnt = 0;
- memset (device_param->pws_buf, 0, device_param->size_pws);
+ if (attack_kern == ATTACK_KERN_STRAIGHT)
+ {
+ run_kernel_bzero (device_param, device_param->d_rules_c, device_param->size_rules_c);
+ }
+ else if (attack_kern == ATTACK_KERN_COMBI)
+ {
+ run_kernel_bzero (device_param, device_param->d_combs_c, device_param->size_combs);
+ }
 }
 if (data.devices_status == STATUS_STOP_AT_CHECKPOINT) check_checkpoint ();
@@ -13682,9 +13698,13 @@ int main (int argc, char **argv)
 }
 */
- device_param->size_pws = size_pws;
- device_param->size_tmps = size_tmps;
- device_param->size_hooks = size_hooks;
+ device_param->size_bfs = size_bfs;
+ device_param->size_combs = size_combs;
+ device_param->size_rules = size_rules;
+ device_param->size_rules_c = size_rules_c;
+ device_param->size_pws = size_pws;
+ device_param->size_tmps = size_tmps;
+ device_param->size_hooks = size_hooks;
 // do not confuse kernel_accel_max with kernel_accel here
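Review bot: The if/else chain in the `@@ -4756` hunk of thread_calc is a verbatim copy of the one added to thread_calc_stdin, and it has no final `else`. The old `memset` ran for every attack kernel, so any `attack_kern` value other than STRAIGHT or COMBI now resets nothing at this point. Moving the chain into one small static helper that both functions call would keep the two sites from drifting apart. A closing comment such as `/* other attack kernels keep no per-run constant buffer here */` would show the fall-through is intended, if that is indeed the case. The enclosing loop lies outside the hunk.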
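Review bot: In the `@@ -13682` hunk of main, `device_param->size_rules = size_rules;` stores a value that no hunk in this diff reads; only `size_rules_c`, `size_combs` and `size_bfs` are passed to `run_kernel_bzero`. Either drop the field or add a comment naming its intended consumer. The new fields are declared `uint` in types.h while the locals assigned here are declared outside the hunk. If those locals are wider than `uint`, the stored length would be truncated and the bzero would clear less than the allocated buffer, which leaves the stale data this commit is meant to remove. A check at assignment time or matching types would rule that out.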