From 09b2bb0ad72d4a7b29576232c57a1e87338f9cbd Mon Sep 17 00:00:00 2001
From: Jens Steube
Date: Wed, 3 Jun 2020 12:51:38 +0200
Subject: [PATCH] Fixed a buffer overflow in module_hash_decode() of -m 15500
---
 src/modules/module_15500.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/modules/module_15500.c b/src/modules/module_15500.c
index 6e714bce3..f61e3b289 100644
--- a/src/modules/module_15500.c
+++ b/src/modules/module_15500.c
@@ -197,9 +197,7 @@ int module_hash_decode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 // alias
- const u8 *alias_pos = token.buf[6];
-
- strncpy ((char *) jks_sha1->alias, (const char *) alias_pos, 64);
+ memcpy ((char *) jks_sha1->alias, (const char *) token.buf[6], token.len[6]);
 // fake salt
@@ -237,6 +235,10 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 u8 *der = (u8 *) jks_sha1->der;
+ char alias[65] = { 0 };
+
+ memcpy (alias, (char *) jks_sha1->alias, 64);
+
 const int line_len = snprintf (line_buf, line_size, "%s*%08X%08X%08X%08X%08X*%08X%08X%08X%08X%08X*%s*%02X*%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X*%s",
 SIGNATURE_JKS_SHA1,
 byte_swap_32 (jks_sha1->checksum[0]),
@@ -265,7 +267,7 @@ int module_hash_encode (MAYBE_UNUSED const hashconfig_t *hashconfig, MAYBE_UNUSE
 der[17],
 der[18],
 der[19],
- (char *) jks_sha1->alias
+ alias
 );
 return line_len;
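Review bot: The new `memcpy` into `jks_sha1->alias` copies `token.len[6]` bytes with no bound visible in this hunk, so its safety rests entirely on the tokenizer's maximum length for field 6, which is set earlier in `module_hash_decode()` outside the hunk. The removed `strncpy` and the encode-side copy both use 64, so the destination is presumably 64 bytes; a guard next to the copy would keep that invariant local, for example `if (token.len[6] > 64) return (PARSER_TOKEN_LENGTH);`. Unlike `strncpy`, `memcpy` does not zero-pad the remainder, so the change also appears to assume the esalt buffer arrives zeroed. A comment such as `// token.len[6] is capped by the tokenizer; esalt is pre-zeroed` would record both assumptions once they are confirmed.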
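Review bot: The literals `65` and `64` in the added `alias` buffer and `memcpy` in `module_hash_encode()` duplicate the size of `jks_sha1->alias`, which is declared outside this hunk; if that field is resized, the copy silently becomes an over-read or a truncation. Assuming the field is an array, both can be derived from it: `char alias[sizeof (jks_sha1->alias) + 1] = { 0 };` and `memcpy (alias, jks_sha1->alias, sizeof (jks_sha1->alias));`. A short comment such as `// alias may fill the whole field with no terminator; copy to a NUL-terminated buffer before %s` would explain why the temporary exists. The final hunk passes this same local to `snprintf`.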