From: Fist0urs
Date: Wed, 2 Mar 2016 09:31:54 +0000 (+0100)
Subject: -m 13100 Fix overflow in input hash parsing
X-Git-Tag: v3.00-beta~215^2
X-Git-Url: https://www.flypig.org.uk/git/?a=commitdiff_plain;h=9811a2109888ac57e4ce3c993624dc577a24e600;p=hashcat.git
-m 13100 Fix overflow in input hash parsing
---
diff --git a/src/shared.c b/src/shared.c
index 3df67b7..8c4ec58 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -18832,8 +18832,10 @@ int krb5tgs_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
 char *edata_ptr = (char *) krb5tgs->edata2;
+ krb5tgs->edata2_len = (data_len - 32) / 2 ;
+
 /* skip '$' */
- for (uint i = 16 * 2 + 1; i < input_len; i += 2)
+ for (uint i = 16 * 2 + 1; i < (krb5tgs->edata2_len * 2) + (16 * 2 + 1); i += 2)
 {
 const char p0 = data_pos[i + 0];
 const char p1 = data_pos[i + 1];
@@ -18844,8 +18846,6 @@ int krb5tgs_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
 /* this is needed for hmac_md5 */
 *edata_ptr++ = 0x80;
- krb5tgs->edata2_len = (data_len - 32) / 2 ;
-
 salt->salt_buf[0] = krb5tgs->checksum[0];
 salt->salt_buf[1] = krb5tgs->checksum[1];
 salt->salt_buf[2] = krb5tgs->checksum[2];
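Review bot: The new `for` bound trusts `krb5tgs->edata2_len`, which is computed as `(data_len - 32) / 2` with no check visible in this hunk that `data_len` is at least 32 or that the result fits in `krb5tgs->edata2`. If `data_len` is unsigned and shorter than the 32-character checksum, the subtraction wraps and the loop can again run past both the input and the destination buffer; the `*edata_ptr++ = 0x80;` in the second hunk also needs one spare byte after the decoded data. krb5tgs_parse_hash starts and ends outside these hunks, so an earlier length check may already cover this; if it does not, add a guard before the loop such as `if (data_len < 32 || krb5tgs->edata2_len >= sizeof (krb5tgs->edata2)) return (PARSER_SALT_LENGTH);` (assuming `edata2` is a fixed-size array, so that `sizeof` gives its capacity). The offset `16 * 2 + 1` now appears twice in the loop header and would read better as one named constant, with a comment that it is the hex checksum length plus the `$` separator.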