diff --git a/docs/changes.txt b/docs/changes.txt index 5f40503bb..2335f80fe 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -159,6 +159,10 @@ Type.: Bug File.: Host Desc.: Fixed some checks in the parser of -m 500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5 +Type.: Bug +File.: Host +Desc.: Fixed some checks in the parser of -m 1711 = SSHA-512(Base64), LDAP {SSHA512} + * changes v2.00 -> v2.01: Type.: Bug diff --git a/src/shared.c b/src/shared.c index 5acd74a84..b1dec839c 100644 --- a/src/shared.c +++ b/src/shared.c @@ -13154,6 +13154,8 @@ int sha512b64s_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf) int tmp_len = base64_decode (base64_to_int, (const u8 *) input_buf + 9, input_len - 9, tmp_buf); + if (tmp_len < 64) return (PARSER_HASH_LENGTH); + memcpy (digest, tmp_buf, 64); digest[0] = byte_swap_64 (digest[0]); @@ -13174,7 +13176,11 @@ int sha512b64s_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf) digest[6] -= SHA512M_G; digest[7] -= SHA512M_H; - salt->salt_len = tmp_len - 64; + int salt_len = tmp_len - 64; + + if (salt_len < 0) return (PARSER_SALT_LENGTH); + + salt->salt_len = salt_len; memcpy (salt->salt_buf, tmp_buf + 64, salt->salt_len);