PEM: check input ciphertext length to avoid buffer overflow
sylvainpelissier authored and solardiz committed Feb 22, 2022
1 parent e3b3206 commit 75667e2
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/pem_common_plug.c
@@ -65,7 +65,7 @@ int pem_valid(char *ciphertext, struct fmt_main *self)
goto err;
if ((p = strtokm(NULL, "$")) == NULL) // salt
goto err;
if (hexlenl(p, &extra) != 16 || extra)
if (hexlenl(p, &extra) != SALTLEN * 2 || extra)
goto err;
if ((p = strtokm(NULL, "$")) == NULL) // iterations
goto err;
@@ -81,6 +81,8 @@ int pem_valid(char *ciphertext, struct fmt_main *self)
if (!isdec(p))
goto err;
len = atoi(p);
if (len > CTLEN)
goto err;
if ((p = strtokm(NULL, "*")) == NULL) // ciphertext
goto err;
if (hexlenl(p, &extra) != len*2 || extra)
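Review bot: The new `if (len > CTLEN)` guard after `len = atoi(p);` bounds the length only from above, and it relies on the preceding `isdec(p)` having rejected any value `atoi` cannot represent, since out-of-range input to `atoi` is undefined behaviour. If `len` is a signed int (its declaration is outside the hunk) and a zero-length ciphertext is never valid, an explicit lower bound keeps the check self-contained: `if (len <= 0 || len > CTLEN)`. A short comment such as `// must fit the fixed-size ciphertext buffer used when the salt is decoded` would record why the bound exists, assuming CTLEN is that buffer's size. pem_valid starts and ends outside both hunks, so the decoding code this check protects is not visible here and should be confirmed to use the same CTLEN limit.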
