Fixed out-of-boundary write in slow candidates mode in combinator attack

docs/changes.txt

@@ -17,6 +17,7 @@
 - Fixed false negative in hash-mode 15900 (DPAPI masterkey file v2) if password was longer than 64 characters
 - Fixed hashcat_ctx leak and refactor module and kernel existence checks
 - Fixed integer overflow in Recovered/Time status view column caused by division > 0 but < 1
+- Fixed out-of-boundary write in slow candidates mode in combinator attack
 
 ##
 ## Features

src/slow_candidates.c

@@ -313,11 +313,16 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
       break;
     }
 
-    memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);
+    // this can overflow so we move it up
 
     extra_info_combi->out_len += line_len;
 
-    memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
+    if (extra_info_combi->out_len <= sizeof (extra_info_combi->out_buf))
+    {
+      memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);
+
+      memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
+    }
 
     extra_info_combi->comb_pos_prev = extra_info_combi->comb_pos;