o3logon: harden valid() to fix buffer overflow
Related to openwall#5157
AlekseyCherepanov committed Jun 30, 2022
1 parent 74a7ebf commit 2be1074
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/o3logon_fmt_plug.c
Expand Up @@ -159,7 +159,7 @@ static int valid(char *ciphertext, struct fmt_main *self)
ciphertext = cp+1;
cp = strchr(ciphertext, '$');
len = strlen(ciphertext);
if (!len || cp || len%16 || hexlenu(ciphertext, &extra) != len || extra)
if (!len || len > 40*2 || cp || len%16 || hexlenu(ciphertext, &extra) != len || extra)
return 0;
return 1;
}
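
Review bot: The new bound `len > 40*2` in the `if` condition of `valid()` is a bare magic number, and nothing in the hunk ties it to the buffer it is meant to protect. Define the limit once as a named macro that is used both for the destination array size and in this check, and add a short comment saying which buffer it guards, so a later change to that buffer cannot silently reopen the overflow. Together with the existing `len%16` test, the accepted lengths are now 16, 32, 48, 64 and 80 hex characters; if the format only ever produces some of those, a tighter check would be worth considering, along with a test vector that exercises the over-long case.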