diff --git a/src/interface.c b/src/interface.c index e3fd78889..f49488741 100644 --- a/src/interface.c +++ b/src/interface.c @@ -2109,11 +2109,15 @@ static u32 parse_and_store_salt (u8 *out, u8 *in, u32 salt_len, MAYBE_UNUSED con if (hashconfig->opts_type & OPTS_TYPE_ST_ADD80) { + if (len >= 256) return UINT_MAX; + tmp[len++] = 0x80; } if (hashconfig->opts_type & OPTS_TYPE_ST_ADD01) { + if (len >= 256) return UINT_MAX; + tmp[len++] = 0x01; } @@ -11009,12 +11013,12 @@ int sip_auth_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_U u32 md5_max_len = 4 * 64; - u32 total_length = method_len + 1 + URI_prefix_len + URI_prefix_len + URI_resource_len + URI_suffix_len + URI_suffix_len; + u32 total_length = method_len + 1 + URI_prefix_len + URI_resource_len + URI_suffix_len; if (URI_prefix_len) total_length++; if (URI_suffix_len) total_length++; - if (total_length > md5_max_len) return (PARSER_SALT_LENGTH); + if (total_length >= md5_max_len) return (PARSER_SALT_LENGTH); u32 md5_remaining_len = md5_max_len;