From 9b75b245d59c2cf8d63ff106878a5f62b102b067 Mon Sep 17 00:00:00 2001 From: philsmd Date: Tue, 29 Mar 2016 09:49:05 +0200 Subject: [PATCH] fixed base64_decode () input length validation for -m 8900 --- docs/changes.txt | 4 ++++ src/shared.c | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/docs/changes.txt b/docs/changes.txt index a7bdc9d..b5fdc97 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -175,6 +175,10 @@ Type.: Bug File.: Host Desc.: Fixed some checks in the parser of -m 5600 = NetNTLMv2 +Type.: Bug +File.: Host +Desc.: Fixed some checks in the parser of -m 8900 = scrypt + * changes v2.00 -> v2.01: Type.: Bug diff --git a/src/shared.c b/src/shared.c index aeb914f..a10a4e7 100644 --- a/src/shared.c +++ b/src/shared.c @@ -14688,9 +14688,13 @@ int scrypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf) // base64 decode + int salt_len_base64 = hash_pos - saltbuf_pos; + + if (salt_len_base64 > 45) return (PARSER_SALT_LENGTH); + u8 tmp_buf[33] = { 0 }; - int tmp_len = base64_decode (base64_to_int, (const u8 *) saltbuf_pos, hash_pos - saltbuf_pos, tmp_buf); + int tmp_len = base64_decode (base64_to_int, (const u8 *) saltbuf_pos, salt_len_base64, tmp_buf); char *salt_buf_ptr = (char *) salt->salt_buf; -- 2.25.1