mirror of
https://github.com/hashcat/hashcat.git
synced 2024-11-22 16:18:09 +00:00
fixed -m 10200 = Cram MD5 parser: check for NULL pointers ASAP, check base64 input length
This commit is contained in:
parent
496522c64a
commit
b3dfd7057e
@ -184,6 +184,10 @@ Type.: Bug
|
|||||||
File.: Host
|
File.: Host
|
||||||
Desc.: Fixed some checks in the parser of -m 8900 = scrypt
|
Desc.: Fixed some checks in the parser of -m 8900 = scrypt
|
||||||
|
|
||||||
|
Type.: Bug
|
||||||
|
File.: Host
|
||||||
|
Desc.: Fixed some checks in the parser of -m 10200 = Cram MD5
|
||||||
|
|
||||||
* changes v2.00 -> v2.01:
|
* changes v2.00 -> v2.01:
|
||||||
|
|
||||||
Type.: Bug
|
Type.: Bug
|
||||||
|
12
src/shared.c
12
src/shared.c
@ -16182,16 +16182,18 @@ int crammd5_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
|
|||||||
|
|
||||||
char *hash_pos = strchr (salt_pos, '$');
|
char *hash_pos = strchr (salt_pos, '$');
|
||||||
|
|
||||||
uint salt_len = hash_pos - salt_pos;
|
|
||||||
|
|
||||||
if (hash_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
if (hash_pos == NULL) return (PARSER_SEPARATOR_UNMATCHED);
|
||||||
|
|
||||||
|
uint salt_len = hash_pos - salt_pos;
|
||||||
|
|
||||||
hash_pos++;
|
hash_pos++;
|
||||||
|
|
||||||
uint hash_len = input_len - 10 - salt_len - 1;
|
uint hash_len = input_len - 10 - salt_len - 1;
|
||||||
|
|
||||||
// base64 decode salt
|
// base64 decode salt
|
||||||
|
|
||||||
|
if (salt_len > 133) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
u8 tmp_buf[100] = { 0 };
|
u8 tmp_buf[100] = { 0 };
|
||||||
|
|
||||||
salt_len = base64_decode (base64_to_int, (const u8 *) salt_pos, salt_len, tmp_buf);
|
salt_len = base64_decode (base64_to_int, (const u8 *) salt_pos, salt_len, tmp_buf);
|
||||||
@ -16204,12 +16206,16 @@ int crammd5_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
|
|||||||
|
|
||||||
salt->salt_len = salt_len;
|
salt->salt_len = salt_len;
|
||||||
|
|
||||||
// base64 decode salt
|
// base64 decode hash
|
||||||
|
|
||||||
|
if (hash_len > 133) return (PARSER_HASH_LENGTH);
|
||||||
|
|
||||||
memset (tmp_buf, 0, sizeof (tmp_buf));
|
memset (tmp_buf, 0, sizeof (tmp_buf));
|
||||||
|
|
||||||
hash_len = base64_decode (base64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf);
|
hash_len = base64_decode (base64_to_int, (const u8 *) hash_pos, hash_len, tmp_buf);
|
||||||
|
|
||||||
|
if (hash_len < 32 + 1) return (PARSER_SALT_LENGTH);
|
||||||
|
|
||||||
uint user_len = hash_len - 32;
|
uint user_len = hash_len - 32;
|
||||||
|
|
||||||
const u8 *tmp_hash = tmp_buf + user_len;
|
const u8 *tmp_hash = tmp_buf + user_len;
|
||||||
|
Loading…
Reference in New Issue
Block a user