fixed checks in -m 500 parser

2024-11-22 16:18:09 +00:00 · 2016-03-13 15:57:53 +01:00 · 2016-03-13 15:57:53 +01:00 · bc965c9c9b
commit bc965c9c9b
parent 57f1a73f0d
2 changed files with 7 additions and 1 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -155,6 +155,10 @@ Type.: Bug
 File.: Host
 Desc.: Fixed some checks in the parser of -m 111 = nsldaps, SSHA-1(Base64), Netscape LDAP SSHA

+Type.: Bug
+File.: Host
+Desc.: Fixed some checks in the parser of -m 500 = md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
+
 * changes v2.00 -> v2.01:

 Type.: Bug
--- a/src/shared.c
+++ b/src/shared.c
@ -10272,6 +10272,8 @@ int phpass_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)

 int md5crypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
 {
+  if (input_len < DISPLAY_LEN_MIN_500) return (PARSER_GLOBAL_LENGTH);
+
  if (memcmp (SIGNATURE_MD5CRYPT, input_buf, 3)) return (PARSER_SIGNATURE_UNMATCHED);

  u32 *digest = (u32 *) hash_buf->digest;
@ -10304,7 +10306,7 @@ int md5crypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)
    salt->salt_iter = ROUNDS_MD5CRYPT;
  }

-  if ((input_len < DISPLAY_LEN_MIN_500) || (input_len > (DISPLAY_LEN_MAX_500 + iterations_len))) return (PARSER_GLOBAL_LENGTH);
+  if (input_len > (DISPLAY_LEN_MAX_500 + iterations_len)) return (PARSER_GLOBAL_LENGTH);

  char *hash_pos = strchr (salt_pos, '$');