For short files (or, presumably, for very rare hashes on all files),
PasswordHashChecker would occasionally attempt to read before the start
or past the end of a file; avoid this with clamping (in two cases where
there is no potentially infinite iteration) or aborting (in the one
other case, where clamping might yield an infinite loop).
Change-Id: Ia1d4f527a2b8589ec43732e0e1a1cf80cb3e2bac
private boolean knownPasswordHash(byte[] passwordHash) throws IOException {
long targetEstimate = estimateHashOffset(passwordHash);
long bestGuess = targetEstimate;
private boolean knownPasswordHash(byte[] passwordHash) throws IOException {
long targetEstimate = estimateHashOffset(passwordHash);
long bestGuess = targetEstimate;
+ bestGuess = clampOffset(bestGuess);
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
break;
}
bestGuess = bestGuess + targetEstimate - bestGuessEstimate;
break;
}
bestGuess = bestGuess + targetEstimate - bestGuessEstimate;
+ bestGuess = clampOffset(bestGuess);
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
}
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
}
int newSearchDirection = searchDirection;
while (searchDirection == newSearchDirection) {
bestGuess += digestLength * searchDirection;
int newSearchDirection = searchDirection;
while (searchDirection == newSearchDirection) {
bestGuess += digestLength * searchDirection;
+ if (bestGuess < 0 || bestGuess >= database.size()) {
+ break;
+ }
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
newSearchDirection = compareHashes(passwordHash, hashBuffer.array());
hashBuffer.clear();
database.read(hashBuffer, bestGuess);
newSearchDirection = compareHashes(passwordHash, hashBuffer.array());
/ (1L << 32);
return (pos / digestLength) * digestLength;
}
/ (1L << 32);
return (pos / digestLength) * digestLength;
}
+
+ private long clampOffset(long offset) throws IOException {
+ if (offset < 0) {
+ return 0;
+ }
+ if (offset >= database.size()) {
+ return database.size() - 1;
+ }
+ return offset;
+ }