pbkdf2-hmac-md5 formats: harden valid() to fix buffer overflow

Related to openwall#5157
AlekseyCherepanov · Jun 30, 2022 · 5fa79e9 · 5fa79e9
1 parent 6af3221
commit 5fa79e9
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/pbkdf2_hmac_common_plug.c b/src/pbkdf2_hmac_common_plug.c
@@ -245,10 +245,12 @@ int pbkdf2_hmac_md5_valid(char *ciphertext, struct fmt_main *self)
 	if (!(ptr = strtokm(NULL, delim)))
 		goto error;
 	len = strlen(ptr); // binary hex length
-	if (len < PBKDF2_MDx_BINARY_SIZE || len > PBKDF2_MDx_MAX_BINARY_SIZE || len & 1)
+	if (len < PBKDF2_MDx_BINARY_SIZE * 2 || len > PBKDF2_MDx_MAX_BINARY_SIZE * 2 || len & 1)
 		goto error;
 	if (!ishexlc(ptr))
 		goto error;
+	if (strtokm(NULL, delim)) // no more fields
+		goto error;
 	MEM_FREE(keeptr);
 	return 1;
 error: