From 2d67764bbf3db8cbce7e2f364a510a73a84480be Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Fri, 18 Aug 2017 21:26:29 +0200 Subject: [PATCH 1/6] mod: fix warning (found by ccc-analyzer). --- hydra-mod.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hydra-mod.c b/hydra-mod.c index e58d102..d568571 100644 --- a/hydra-mod.c +++ b/hydra-mod.c @@ -288,9 +288,9 @@ int32_t internal__hydra_connect(char *host, int32_t port, int32_t protocol, int3 if (debug) printf("DEBUG_CONNECT_PROXY_OK\n"); } else { - if (debug) + if (debug && tmpptr) printf("DEBUG_CONNECT_PROXY_FAILED (Code: %c%c%c)\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); - if (verbose) + if (verbose && tmpptr) fprintf(stderr, "[ERROR] CONNECT call to proxy failed with code %c%c%c\n", *tmpptr, *(tmpptr + 1), *(tmpptr + 2)); err = 1; } @@ -948,7 +948,6 @@ char *hydra_receive_line(int32_t socket) { } else { if (debug) printf("[DEBUG] hydra_data_ready_timed: %d, waittime: %d, conwait: %d, socket: %d\n", i, waittime, conwait, socket); - i = 0; } if (got < 0) { From 995c6d2385f9cfa29a16a7a0dc413490c7a2b904 Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Fri, 18 Aug 2017 21:29:23 +0200 Subject: [PATCH 2/6] vnc: fix use after-free (found by ccc-analyzer). --- hydra-vnc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-vnc.c b/hydra-vnc.c index ee8f582..6dc3cdd 100644 --- a/hydra-vnc.c +++ b/hydra-vnc.c @@ -135,8 +135,8 @@ int32_t start_vnc(int32_t s, char *ip, int32_t port, unsigned char options, char return 3; return 1; default: - free(buf); hydra_report(stderr, "[ERROR] unknown VNC server security result %d\n", buf[3]); + free(buf); return 1; } From bb734b2c90fff632c5f9dbfb7e6f0de8a7d2b538 Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Fri, 18 Aug 2017 21:34:57 +0200 Subject: [PATCH 3/6] cisco: use strstr only on non-null var (found by ccc-analyzer). --- hydra-cisco.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
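Review bot: In the proxy CONNECT failure branch of hydra-mod.c (hunk at -288), a NULL `tmpptr` now suppresses the `[ERROR]` line entirely, so a run with `verbose` set gets no diagnostic even though `err = 1` is still set. A separate statement such as `if (verbose && !tmpptr) fprintf(stderr, "[ERROR] CONNECT call to proxy failed (no status code in reply)\n");` keeps the failure visible. The reads `*tmpptr`, `*(tmpptr + 1)` and `*(tmpptr + 2)` also presume that at least three bytes follow `tmpptr` in the proxy's reply, which is remote-controlled data. The code that sets `tmpptr` is outside the hunk, so confirm the length is checked there. internal__hydra_connect starts and ends outside the hunk.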
diff --git a/hydra-cisco.c b/hydra-cisco.c index 6a65f77..32d0e20 100644 --- a/hydra-cisco.c +++ b/hydra-cisco.c @@ -127,7 +127,7 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F switch (run) { case 1: /* connect and service init function */ { - unsigned char *buf2; + unsigned char *buf2 = NULL; int32_t f = 0; if (sock >= 0) @@ -151,9 +151,10 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F hydra_child_exit(1); } do { - if (f != 0) + if (f != 0) { free(buf2); - else + buf2 = NULL; + } else f = 1; if ((buf2 = (unsigned char *) hydra_receive_line(sock)) == NULL) { if (failc < retry) { @@ -169,7 +170,7 @@ void service_cisco(char *ip, int32_t sp, unsigned char options, char *miscptr, F } if (buf2 != NULL && hydra_strcasestr((char*)buf2, "ress ENTER") != NULL) hydra_send(sock, "\r\n", 2, 0); - } while (strstr((char *) buf2, "assw") == NULL); + } while (buf2 != NULL && strstr((char *) buf2, "assw") == NULL); free(buf2); if (next_run != 0) break; From 82be691b9d34f0f743f4e37c40c9c1f9cfca099e Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Fri, 18 Aug 2017 21:37:29 +0200 Subject: [PATCH 4/6] vmauthd: don't use freed mem (found by ccc-analyzer). --- hydra-vmauthd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hydra-vmauthd.c b/hydra-vmauthd.c index 7ed6174..95ba53f 100644 --- a/hydra-vmauthd.c +++ b/hydra-vmauthd.c @@ -108,8 +108,8 @@ void service_vmauthd(char *ip, int32_t sp, unsigned char options, char *miscptr, hydra_child_exit(2); } if ((strstr(buf, "Version 1.00") == NULL) && (strstr(buf, "Version 1.10") == NULL)) { - free(buf); hydra_report(stderr, "[ERROR] this vmware authd protocol is not supported, please report: %s\n", buf); + free(buf); hydra_child_exit(2); } //by default this service is waiting for ssl connections From 8c42e0007b3f24c31022918aae0c7302dbec67b2 Mon Sep 17 00:00:00 2001 
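Review bot: In the `do` loop of service_cisco (hydra-cisco.c, hunk at -151) the `f` flag is redundant now that `buf2` starts as NULL, because `free(NULL)` is a no-op. The `if (f != 0) { ... } else f = 1;` pair can shrink to `free(buf2); buf2 = NULL;`, provided `f` is not used elsewhere in the case block, which lies outside the hunk. If the flag stays, brace the `else` arm too so both arms are written the same way.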
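Review bot: The new `while (buf2 != NULL && ...)` condition (hydra-cisco.c, hunk at -169) ends the loop on a NULL `buf2` exactly as it does when the `assw` prompt arrives, and the code after `free(buf2)` only tests `next_run`. The lines between this hunk and the previous one are not shown. If the NULL branch there can fall through without setting `next_run` or exiting, the module would carry on as though the password prompt had been received. An explicit check after the loop, or a comment at the `while` stating that a NULL `buf2` is always handled by the branch above (if that is the case), would make the two exit reasons distinguishable.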
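Review bot: The `%s` in the reordered `hydra_report` call (hydra-vmauthd.c, hunk at -108) writes `buf` to stderr unmodified, and `buf` holds whatever banner the remote end sent. Control or escape bytes in that banner would reach the operator's terminal or log file as-is. Replacing non-printable bytes before reporting, for example with a short loop testing `isprint((unsigned char) c)`, avoids that. service_vmauthd starts and ends outside the hunk.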
From: Dario Lombardo Date: Fri, 18 Aug 2017 21:41:00 +0200 Subject: [PATCH 5/6] radmin2: cast calloc output (found by ccc-analyzer). --- hydra-radmin2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra-radmin2.c b/hydra-radmin2.c index cba0431..e72c838 100644 --- a/hydra-radmin2.c +++ b/hydra-radmin2.c @@ -86,7 +86,7 @@ char *message2buffer(struct rmessage *msg) { switch(msg->type) { case 0x1b: //Challenge request - data = calloc (10, sizeof(unsigned char)); + data = (char *)calloc (10, sizeof(char)); if(data == NULL) { hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); @@ -97,7 +97,7 @@ char *message2buffer(struct rmessage *msg) { memcpy((data+9), &msg->type, sizeof(char)); break; case 0x09: - data = calloc (42, sizeof(unsigned char)); + data = (char *)calloc (42, sizeof(char)); if(data == NULL) { hydra_report(stderr, "calloc failure\n"); hydra_child_exit(0); From 0ed3bef2db833b0106831cd12d7908fc3e429c46 Mon Sep 17 00:00:00 2001 From: Dario Lombardo Date: Fri, 18 Aug 2017 21:55:47 +0200 Subject: [PATCH 6/6] hydra.c: make proper allocation and casts when using malloc. --- hydra.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hydra.c b/hydra.c index f068807..833f258 100644 --- a/hydra.c +++ b/hydra.c @@ -894,7 +894,7 @@ void hydra_restore_read() { if (debug) printf("[DEBUG] reading restore file: Step 10 complete\n"); - hydra_targets = malloc((hydra_brains.targets + 3) * sizeof(hydra_targets)); + hydra_targets = (hydra_target **) malloc((hydra_brains.targets + 3) * sizeof(hydra_target*)); for (j = 0; j < hydra_brains.targets; j++) { hydra_targets[j] = malloc(sizeof(hydra_target)); fck = (int32_t) fread(hydra_targets[j], sizeof(hydra_target), 1, f); 
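Review bot: The `(char *)` casts added to both `calloc` calls in message2buffer (`case 0x1b` and `case 0x09`, hydra-radmin2.c) are not needed in C, where `void *` converts implicitly, and a cast can hide a missing `<stdlib.h>` declaration. The type mismatch the analyzer presumably flagged is already resolved by the `sizeof` change. `data = calloc(10, sizeof *data);` and `data = calloc(42, sizeof *data);` tie the element size to the pointer and need no cast. The lengths 10 and 42 would also read better as named constants or with a comment giving the message layout they come from.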
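Review bot: In hydra_restore_read (hydra.c, hunk at -894) the result of the corrected `malloc` is indexed by the loop that follows without a NULL check, and `hydra_targets[j] = malloc(sizeof(hydra_target))` is likewise unchecked before `fread` writes into it. `hydra_brains.targets` appears to be read from the restore file earlier in this function (outside the hunk), so a damaged or oversized file could make the allocation fail or the size multiplication wrap. Add `if (hydra_targets == NULL) bail("Could not allocate enough memory for target data");` as main() does, check each element the same way, and consider `calloc(hydra_brains.targets + 3, sizeof *hydra_targets)` so the multiplication is overflow-checked. The cast itself is unnecessary in C.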
@@ -3397,7 +3397,7 @@ int32_t main(int32_t argc, char *argv[]) { four_from = (addr4 & l); l = 1 << (32 - k); hydra_brains.targets = countservers = l; - hydra_targets = malloc(sizeof(hydra_target*) * (l + 2) + 8); + hydra_targets = (hydra_target**)malloc(sizeof(hydra_target*) * (l + 2) + 8); if (hydra_targets == NULL) bail("Could not allocate enough memory for target data"); i = 0;
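Review bot: The size expression in main (hydra.c, hunk at -3397) keeps an unexplained `+ 8` bytes on top of `(l + 2)` entries, while hydra_restore_read sizes the same array as `targets + 3` entries. A comment such as `/* +2 entries: <reason>; +8 bytes: <reason> */`, or one shared sizing helper, would keep the two allocations in step. `l` comes from `1 << (32 - k)` two lines above, and nothing in the hunk bounds `k`. A shift count of 31 or 32 is undefined for a 32-bit int, so confirm the prefix length is validated before this point. main starts and ends outside the hunk.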