From 84cf5e70e7331ebd7c4c3134ab8f058601a70e5a Mon Sep 17 00:00:00 2001
From: Jens Steube <jens.steube@gmail.com>
Date: Thu, 24 Jun 2021 13:13:02 +0200
Subject: [PATCH] Fixed out-of-boundary write in slow candidates mode in
 combinator attack update

---
 src/slow_candidates.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/slow_candidates.c b/src/slow_candidates.c
index a9675e13e..882f88c52 100644
--- a/src/slow_candidates.c
+++ b/src/slow_candidates.c
@@ -315,14 +315,18 @@ void slow_candidates_next (hashcat_ctx_t *hashcat_ctx, void *extra_info)
 
     // this can overflow so we move it up
 
-    extra_info_combi->out_len += line_len;
-
-    if (extra_info_combi->out_len <= sizeof (extra_info_combi->out_buf))
+	if ((extra_info_combi->out_len + line_len) <= sizeof (extra_info_combi->out_buf))
     {
       memcpy (extra_info_combi->out_buf + extra_info_combi->out_len, line_buf, line_len);
 
+      extra_info_combi->out_len += line_len;
+
       memset (extra_info_combi->out_buf + extra_info_combi->out_len, 0, sizeof (extra_info_combi->out_buf) - extra_info_combi->out_len);
     }
+	else
+    {
+      extra_info_combi->out_len += line_len;
+    }
 
     extra_info_combi->comb_pos_prev = extra_info_combi->comb_pos;