Fixed buffer overflow in -m 1800 in -O mode which is optimized to handle only password candidates up to length 15

OpenCL/m01800-optimized.cl

@@ -188,7 +188,7 @@ KERNEL_FQ void m01800_init (KERN_ATTR_TMPS (sha512crypt_tmp_t))
   w0[2] = pws[gid].i[2];
   w0[3] = pws[gid].i[3];
 
-  const u32 pw_len = pws[gid].pw_len & 63;
+  const u32 pw_len = pws[gid].pw_len & 15;
 
   /**
    * salt
@@ -315,7 +315,7 @@ KERNEL_FQ void m01800_loop (KERN_ATTR_TMPS (sha512crypt_tmp_t))
   l_p_bytes0[0] = tmps[gid].l_p_bytes[0];
   l_p_bytes0[1] = tmps[gid].l_p_bytes[1];
 
-  const u32 pw_len = pws[gid].pw_len & 63;
+  const u32 pw_len = pws[gid].pw_len & 15;
 
   u64 l_s_bytes0[2];
 

docs/changes.txt

@@ -41,6 +41,7 @@
 ##
 
 - Fixed both false negative and false positive result in -m 3000 in -a 3 (affected only NVIDIA GPU) 
+- Fixed buffer overflow in -m 1800 in -O mode which is optimized to handle only password candidates up to length 15
 - Fixed incorrect maximum password length support for -m 400 in optimized mode (reduced from 55 to 39)
 - Fixed internal access on module option attribute OPTS_TYPE_SUGGEST_KG with the result that it was unused
 - Fixed invalid handling of outfile folder entries for -m 22000