gpg formats: harden valid() to fix buffer overflow

Related to openwall#5157
AlekseyCherepanov · Jun 30, 2022 · b8c3a08 · b8c3a08
1 parent cd464dd
commit b8c3a08
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/gpg_common_plug.c b/src/gpg_common_plug.c
@@ -368,6 +368,8 @@ int gpg_common_valid(char *ciphertext, struct fmt_main *self, int is_CPU_format)
 		if (!isdec(p))
 			goto err;
 		res = atoi(p);
+		if (res > sizeof(gpg_common_cur_salt->g))
+			goto err;
 		if ((p = strtokm(NULL, "*")) == NULL)
 			goto err;
 		if (hexlenl(p, &extra) != res*2 || extra)