From: philsmd <philsmd@hashcat.net>
Date: Fri, 11 Mar 2016 16:55:19 +0000 (+0100)
Subject: added some checks to the -m 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA parser
X-Git-Tag: v3.00-beta~179^2
X-Git-Url: https://www.flypig.org.uk/git/?a=commitdiff_plain;h=b755e5b6f394380053881357071994087a2ef1e4;p=hashcat.git

added some checks to the -m 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA parser
---

diff --git a/docs/changes.txt b/docs/changes.txt
index 9fb748f..231117b 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -151,6 +151,10 @@ Type.: Bug
 File.: Host
 Desc.: Fixed a bug in line counter: Conditional jump or move depends on uninitialised value
 
+Type.: Bug
+File.: Host
+Desc.: Fixed some checks in the parser of -m 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
+
 * changes v2.00 -> v2.01:
 
 Type.: Bug
diff --git a/src/shared.c b/src/shared.c
index 8c9f225..9932806 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -11639,9 +11639,15 @@ int sha1b64s_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
 
   int tmp_len = base64_decode (base64_to_int, (const u8 *) input_buf + 6, input_len - 6, tmp_buf);
 
+  if (tmp_len < 20) return (PARSER_HASH_LENGTH);
+
   memcpy (digest, tmp_buf, 20);
 
-  salt->salt_len = tmp_len - 20;
+  int salt_len = tmp_len - 20;
+
+  if (salt_len < 0) return (PARSER_SALT_LENGTH);
+
+  salt->salt_len = salt_len;
 
   memcpy (salt->salt_buf, tmp_buf + 20, salt->salt_len);