Merge pull request #281 from philsmd/master

fixed base64_decode () input length validation for -m 8900
8 years ago · d0e7ee6824
parent 88fafeb928 9b75b245d5
commit d0e7ee6824
2 changed files with 9 additions and 1 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -175,6 +175,10 @@ Type.: Bug
 File.: Host
 Desc.: Fixed some checks in the parser of -m 5600 = NetNTLMv2

+Type.: Bug
+File.: Host
+Desc.: Fixed some checks in the parser of -m 8900 = scrypt
+
 * changes v2.00 -> v2.01:

 Type.: Bug
--- a/src/shared.c
+++ b/src/shared.c
@ -14688,9 +14688,13 @@ int scrypt_parse_hash (char *input_buf, uint input_len, hash_t *hash_buf)

  // base64 decode

+  int salt_len_base64 = hash_pos - saltbuf_pos;
+
+  if (salt_len_base64 > 45) return (PARSER_SALT_LENGTH);
+
  u8 tmp_buf[33] = { 0 };

-  int tmp_len = base64_decode (base64_to_int, (const u8 *) saltbuf_pos, hash_pos - saltbuf_pos, tmp_buf);
+  int tmp_len = base64_decode (base64_to_int, (const u8 *) saltbuf_pos, salt_len_base64, tmp_buf);

  char *salt_buf_ptr = (char *) salt->salt_buf;