OpenCL formats: Fix many bugs in host code

Detected through testing with POCL in an ASan-enabled build.

Fixes #5882

Author: solardiz

src/formats.c

@@ -602,11 +602,11 @@ static char* is_key_right(struct fmt_main *format, int index,
 		return err_buf;
 	}
 
-	if (match == 0) {
+	if (match <= 0) {
 		if (options.verbosity > VERB_LEGACY)
-			snprintf(err_buf, sizeof(err_buf), "crypt_all(%d) zero return %s", index + 1, ciphertext);
+			snprintf(err_buf, sizeof(err_buf), "crypt_all(%d) = %d for %s", index + 1, match, ciphertext);
 		else
-			sprintf(err_buf, "crypt_all(%d) zero return", index + 1);
+			sprintf(err_buf, "crypt_all(%d) = %d", index + 1, match);
 		return err_buf;
 	}
 

src/formats.h

@@ -383,7 +383,8 @@ struct fmt_methods {
  * The count is passed by reference and must be updated by crypt_all() if it
  * computes other than the requested count (such as if it generates additional
  * candidate passwords on its own).  The updated count is used for c/s rate
- * calculation.  The return value is thus in the 0 to updated *count range. */
+ * calculation.  The return value is thus in the 0 to updated *count range.
+ * As an exception, a -1 return is used on error during OpenCL auto-tune. */
 	int (*crypt_all)(int *count, struct db_salt *salt);
 
 /* These functions calculate a hash out of a ciphertext that has just been

src/krb5_tgs_common_plug.c

@@ -158,7 +158,7 @@ void *krb5tgs_get_salt(char *ciphertext)
 
 	/* Now build dynamic salt and return a pointer to a pointer to it */
 	static krb5tgs_salt *psalt;
-	psalt = mem_calloc(1, sizeof(krb5tgs_salt) + edata2len);
+	psalt = mem_calloc(1, sizeof(krb5tgs_salt) + edata2len - 1);
 	memcpy(psalt->edata1, edata1, 16);
 	psalt->edata2len = edata2len;
 

src/opencl_argon2_fmt_plug.c

@@ -983,20 +983,21 @@ static void set_salt(void *salt)
 static void kp_set_salt(void *salt)
 {
 	keepass_salt = *((keepass_salt_t**)salt);
+	size_t cur_salt_size = sizeof(keepass_salt_t) + keepass_salt->content_size - 1;
 
 	// The KeePass salt is dynamic size, but starts off with a plain
 	// Argon2 salt after the dyna_salt_t header
 	memcpy(&saved_salt, &keepass_salt->t_cost, sizeof(struct argon2_salt));
 
-	if (sizeof(keepass_salt_t) + keepass_salt->content_size - 1 > keepass_saltsize) {
+	if (cur_salt_size > keepass_saltsize) {
 		CLRELEASEBUFFER(cl_keepass_salt);
-		keepass_saltsize = sizeof(keepass_salt_t) + keepass_salt->content_size - 1;
+		keepass_saltsize = cur_salt_size;
 		CLCREATEBUFFER(cl_keepass_salt, CL_RO, keepass_saltsize);
 		CLKERNELARG(keepass_init, 1, cl_keepass_salt);
 		//CLKERNELARG(keepass_argon2, 1, cl_keepass_salt);
 		CLKERNELARG(keepass_final, 1, cl_keepass_salt);
 	}
-	CLWRITE(cl_keepass_salt, CL_FALSE, 0, keepass_saltsize, keepass_salt, NULL);
+	CLWRITE(cl_keepass_salt, CL_FALSE, 0, cur_salt_size, keepass_salt, NULL);
 	HANDLE_CLERROR(clFlush(queue[gpu_id]), "clFlush failed in keepass_set_salt()");
 }
 

src/opencl_keepass_fmt_plug.c

@@ -265,13 +265,15 @@ static char *get_key(int index)
 	return ret;
 }
 
+/* The logic below is duplicated in opencl_argon2_fmt_plug.c: kp_set_salt() */
 static void set_salt(void *salt)
 {
 	keepass_salt = *((keepass_salt_t**)salt);
+	size_t cur_salt_size = sizeof(keepass_salt_t) + keepass_salt->content_size - 1;
 
-	if (sizeof(keepass_salt_t) + keepass_salt->content_size - 1 > saltsize) {
+	if (cur_salt_size > saltsize) {
 		CLRELEASEBUFFER(mem_salt);
-		saltsize = sizeof(keepass_salt_t) + keepass_salt->content_size - 1;
+		saltsize = cur_salt_size;
 		CLCREATEBUFFER(mem_salt, CL_RO, saltsize);
 		CLKERNELARG(kernel_init, 1, mem_salt);
 		CLKERNELARG(kernel_loop_aes, 1, mem_salt);
@@ -281,7 +283,7 @@ static void set_salt(void *salt)
 #endif
 	}
 
-	CLWRITE(mem_salt, CL_FALSE, 0, saltsize, keepass_salt, NULL);
+	CLWRITE(mem_salt, CL_FALSE, 0, cur_salt_size, keepass_salt, NULL);
 	CLWRITE(mem_autotune, CL_FALSE, 0, sizeof(ocl_autotune_running),
 	        &ocl_autotune_running, NULL);
 	HANDLE_CLERROR(clFlush(queue[gpu_id]), "clFlush failed in set_salt()");

src/opencl_krb5_tgs_fmt_plug.c

@@ -99,7 +99,7 @@ static void create_clobj(size_t gws, struct fmt_main *self)
 	intkeysize = sizeof(cl_uint) * gws;
 	statesize = sizeof(krb5tgs_state) * gws * mask_int_cand.num_int_cand;
 	outsize = sizeof(krb5tgs_out) * gws * mask_int_cand.num_int_cand;
-	saltsize = sizeof(krb5tgs_salt) + krb5tgs_max_data_len;
+	saltsize = sizeof(krb5tgs_salt) + krb5tgs_max_data_len - 1;
 
 	pinned_key = clCreateBuffer(context[gpu_id], CL_MEM_READ_ONLY | CL_MEM_HOST_WRITE_ONLY | CL_MEM_ALLOC_HOST_PTR, insize, NULL, &ret_code);
 	if (ret_code == CL_SUCCESS)
@@ -284,12 +284,13 @@ static void reset(struct db_main *db)
 static void set_salt(void *salt)
 {
 	cur_salt = *(krb5tgs_salt**)salt;
+	size_t cur_salt_size = sizeof(krb5tgs_salt) + cur_salt->edata2len - 1;
 
 	if (cur_salt->edata2len > krb5tgs_max_data_len)
 		error_msg("This should not happen, please report.");
 
 	HANDLE_CLERROR(clEnqueueWriteBuffer(queue[gpu_id], cl_salt, CL_FALSE, 0,
-	                                    saltsize, cur_salt, 0, NULL, NULL),
+	                                    cur_salt_size, cur_salt, 0, NULL, NULL),
 	               "Failed transferring salt");
 	HANDLE_CLERROR(clFlush(queue[gpu_id]), "clFlush failed in set_salt()");
 }

src/opencl_o5logon_fmt_plug.c

@@ -298,7 +298,8 @@ static int crypt_all(int *pcount, struct db_salt *salt)
 		for (int i = count; i <= gws; i++)
 			key_idx[i] = key_buf_end;
 
-		CLWRITE_CRYPT(cl_key_buf, CL_FALSE, key_offset, key_buf_end - key_offset, key_buf + key_offset, multi_profilingEvent[0]);
+		if (key_buf_end != key_offset)
+			CLWRITE_CRYPT(cl_key_buf, CL_FALSE, key_offset, key_buf_end - key_offset, key_buf + key_offset, multi_profilingEvent[0]);
 		CLWRITE_CRYPT(cl_key_idx, CL_FALSE, idx_offset, 4 * (gws + 1) - idx_offset, key_idx + (idx_offset / 4), multi_profilingEvent[1]);
 
 		if (!mask_gpu_is_static)

src/opencl_pdf_fmt_plug.c

@@ -348,7 +348,8 @@ static int crypt_all(int *pcount, struct db_salt *salt)
 		for (int i = count; i <= gws; i++)
 			saved_idx[i] = key_idx;
 
-		CLWRITE_CRYPT(cl_saved_key, CL_FALSE, key_offset, key_idx - key_offset, saved_key + key_offset, multi_profilingEvent[0]);
+		if (key_idx != key_offset)
+			CLWRITE_CRYPT(cl_saved_key, CL_FALSE, key_offset, key_idx - key_offset, saved_key + key_offset, multi_profilingEvent[0]);
 		CLWRITE_CRYPT(cl_saved_idx, CL_FALSE, idx_offset, 4 * (gws + 1) - idx_offset, saved_idx + (idx_offset / 4), multi_profilingEvent[1]);
 
 		if (!mask_gpu_is_static)

src/opencl_rawmd4_fmt_plug.c

@@ -291,7 +291,7 @@ static char *split(char *ciphertext, int index, struct fmt_main *self)
 
 static void *get_binary(char *ciphertext)
 {
-	static uint32_t out[DIGEST_SIZE];
+	static uint32_t out[DIGEST_SIZE / 4];
 	char *p;
 	int i;
 	p = ciphertext + TAG_LENGTH;

src/opencl_rawmd5_fmt_plug.c

@@ -316,7 +316,7 @@ static char *split(char *ciphertext, int index, struct fmt_main *self)
 
 static void *get_binary(char *ciphertext)
 {
-	static uint32_t out[DIGEST_SIZE];
+	static uint32_t out[DIGEST_SIZE / 4];
 	char *p;
 	int i;
 	p = ciphertext + TAG_LENGTH;