rsvp: harden valid() to fix buffer overflow

Related to #5157
openwall · Jul 2, 2022 · 4ed17b9 · 4ed17b9
1 parent 1b47abf
commit 4ed17b9
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/src/rsvp_fmt_plug.c b/src/rsvp_fmt_plug.c
@@ -191,7 +191,6 @@ static void done(void)
 static int valid(char *ciphertext, struct fmt_main *self)
 {
 	char *p, *strkeep;
-	int version;
 
 	if (strncmp(ciphertext, FORMAT_TAG, TAG_LENGTH))
 		return 0;
@@ -201,8 +200,7 @@ static int valid(char *ciphertext, struct fmt_main *self)
 
 	if ((p = strtokm(p, "$")) == NULL) /* version */
 		goto err;
-	version = atoi(p);
-	if (version != 1  && version != 2 && version != 3 && version != 4 && version != 5 && version != 6)
+	if (p[0] < '1' || p[0] > '6' || p[1])
 		goto err;
 
 	if ((p = strtokm(NULL, "$")) == NULL) /* salt */