From 2dd027af65b2fec951e9a9afb0b3959c55510b57 Mon Sep 17 00:00:00 2001
From: Jens Steube <jens.steube@gmail.com>
Date: Tue, 21 Feb 2017 13:09:00 +0100
Subject: [PATCH] Make sure to zero scratch buffer for WPA/WPA2 and LUKS

---
 src/hashes.c    | 35 +++++++++++++++++++++++++++++++++++
 src/interface.c |  2 ++
 2 files changed, 37 insertions(+)

diff --git a/src/hashes.c b/src/hashes.c
index 1660d9876..8af825f5b 100644
--- a/src/hashes.c
+++ b/src/hashes.c
@@ -721,6 +721,16 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
           memset (hashes_buf[0].salt, 0, sizeof (salt_t));
         }
 
+        if (hashconfig->esalt_size)
+        {
+          memset (hashes_buf[0].esalt, 0, hashconfig->esalt_size);
+        }
+
+        if (hashconfig->hook_salt_size)
+        {
+          memset (hashes_buf[0].hook_salt, 0, hashconfig->hook_salt_size);
+        }
+
         int parser_status = PARSER_OK;
 
         if (hashconfig->hash_mode == 2500)
@@ -753,6 +763,21 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
               break;
             }
 
+            if (hashconfig->is_salted)
+            {
+              memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
+            }
+
+            if (hashconfig->esalt_size)
+            {
+              memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
+            }
+
+            if (hashconfig->hook_salt_size)
+            {
+              memset (hashes_buf[hashes_cnt].hook_salt, 0, hashconfig->hook_salt_size);
+            }
+
             parser_status = hashconfig->parse_func ((u8 *) in, sizeof (hccapx_t), &hashes_buf[hashes_cnt], hashconfig);
 
             if (parser_status != PARSER_OK)
@@ -961,6 +986,16 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
           memset (hashes_buf[hashes_cnt].salt, 0, sizeof (salt_t));
         }
 
+        if (hashconfig->esalt_size)
+        {
+          memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
+        }
+
+        if (hashconfig->hook_salt_size)
+        {
+          memset (hashes_buf[hashes_cnt].hook_salt, 0, hashconfig->hook_salt_size);
+        }
+
         if (hashconfig->hash_mode == 3000)
         {
           if (hash_len == 32)
diff --git a/src/interface.c b/src/interface.c
index ab8d11a70..5c5efc955 100644
--- a/src/interface.c
+++ b/src/interface.c
@@ -2826,6 +2826,8 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
 
   u32 block[16];
 
+  memset (block, 0, sizeof (block));
+
   u8 *block_ptr = (u8 *) block;
 
   for (int i = 0; i < 16; i++) block[i] = salt->salt_buf[i];