Merge pull request #229 from Diadlo/null_deref

Null deref
van Hauser 2017-06-11 14:24:08 +02:00 committed by GitHub
commit cdfce6b977
4 changed files with 13 additions and 10 deletions


@ -1043,15 +1043,15 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github. char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
static char finalstring[6096]; static char finalstring[6096];
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
|| (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
return NULL;
if (strlen(string) > 6000) { if (strlen(string) > 6000) {
hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n"); hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n");
exit(-1); exit(-1);
} }
if (string == NULL || oldpiece == NULL || newpiece == NULL || strlen(string) >= sizeof(oldstring) - 1
|| (strlen(string) + strlen(newpiece) - strlen(oldpiece) >= sizeof(newstring) - 1 && strlen(string) > strlen(oldpiece)))
return NULL;
strcpy(newstring, string); strcpy(newstring, string);
strcpy(oldstring, string); strcpy(oldstring, string);
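Review bot: Hoisting the whole combined condition above the 6000-character test in hydra_strrep, rather than only its NULL tests, changes what happens to oversized input: a string of `sizeof(oldstring) - 1` bytes or more now returns NULL silently and never reaches the "[ERROR] Supplied URL or POST data too large" report and exit. This assumes the first copy of the condition is the added side, which the page layout does not mark. A caller that does not test the return value is then handed NULL, which is the class of bug this commit is meant to remove. I would move only `if (string == NULL || oldpiece == NULL || newpiece == NULL) return NULL;` ahead of the length test and leave the two size comparisons directly before the `strcpy` calls they protect. The size comparison also budgets for a single substitution only; the replacement loop is outside this hunk, so confirm that it re-checks the space left in `newstring` on every pass.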


@ -32,7 +32,11 @@ void empty_register(char *buf, char *host, char *lhost, int port, int lport, cha
"REGISTER sip:%s SIP/2.0\r\n" "REGISTER sip:%s SIP/2.0\r\n"
"Via: SIP/2.0/UDP %s:%i\r\n" "Via: SIP/2.0/UDP %s:%i\r\n"
"From: <sip:%s@%s>\r\n" "From: <sip:%s@%s>\r\n"
"To: <sip:%s@%s>\r\n" "Call-ID: 1337@%s\r\n" "CSeq: %i REGISTER\r\n" "Content-Length: 0\r\n\r\n", host, lhost, lport, user, host, user, host, host, cseq); "To: <sip:%s@%s>\r\n"
"Call-ID: 1337@%s\r\n"
"CSeq: %i REGISTER\r\n"
"Content-Length: 0\r\n\r\n",
host, lhost, lport, user, host, user, host, host, cseq);
} }
int get_sip_code(char *buf) { int get_sip_code(char *buf) {
@ -50,7 +54,7 @@ int start_sip(int s, char *ip, char *lip, int port, int lport, unsigned char opt
char buf[SIP_MAX_BUF]; char buf[SIP_MAX_BUF];
if (strlen(login = hydra_get_next_login()) == 0) if (strlen(login = hydra_get_next_login()) == 0)
login = NULL; return 3;
if (strlen(pass = hydra_get_next_password()) == 0) if (strlen(pass = hydra_get_next_password()) == 0)
pass = NULL; pass = NULL;
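Review bot: The password branch directly below the changed line in start_sip still assigns `pass = NULL`, so only half of the pattern is fixed. If the rest of the function (outside this hunk) hands `pass` to a string or digest routine, the same null dereference remains; either handle it like the login case or keep a valid pointer, e.g. `pass = "";`. `strlen(login = hydra_get_next_login())` also dereferences the helper's return value before any NULL test, which is safe only if that helper never returns NULL. The bare `return 3;` deserves a one-line comment stating what status 3 tells the caller, since an empty login now ends this attempt instead of continuing.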


@ -338,8 +338,7 @@ void service_xmpp(char *target, char *ip, int sp, unsigned char options, char *m
do { do {
if ((buf = hydra_receive_line(sock)) == NULL) { if ((buf = hydra_receive_line(sock)) == NULL) {
/* no auth method identified */ /* no auth method identified */
hydra_report(stderr, "[ERROR] no authentication methods can be identified %s\n", buf); hydra_report(stderr, "[ERROR] no authentication methods can be identified\n");
free(buf);
hydra_child_exit(1); hydra_child_exit(1);
} }
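Review bot: After `hydra_child_exit(1);` the error branch in service_xmpp falls through to the rest of the do-loop with `buf == NULL`. Whether hydra_child_exit() returns is not visible in this hunk; if it does, the next use of `buf` in the loop body (outside the hunk) dereferences NULL. Add `return;` after the call, or state on the helper's declaration that it does not return so the control flow is explicit to readers and static analysers.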


@ -3173,7 +3173,7 @@ int main(int argc, char *argv[]) {
cond = strtok(NULL, ":"); cond = strtok(NULL, ":");
optional1 = strtok(NULL, "\n"); optional1 = strtok(NULL, "\n");
if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) { if ((variables == NULL) || (strstr(variables, "^USER^") == NULL && strstr(variables, "^PASS^") == NULL)) {
fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", variables); fprintf(stderr, "[ERROR] the variables argument needs at least the strings ^USER^ or ^PASS^: %s\n", STR_NULL(variables));
exit(-1); exit(-1);
} }
if ((url == NULL) || (cond == NULL)) { if ((url == NULL) || (cond == NULL)) {