o3logon format: Use a truncated salt instead of segfaulting in case
user runs a codepage-encoded input file with encoding set to UTF-8.
See discussion in #2243. Closes #2243.
magnumripper committed Aug 31, 2016
1 parent 28713b6 commit dc632b3
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/o3logon_fmt_plug.c
Expand Up @@ -74,7 +74,7 @@ static struct fmt_tests tests[] = {
};

typedef struct ora9_salt_t {
unsigned int userlen, auth_pass_len;
int userlen, auth_pass_len;
UTF16 user[MAX_USERNAME_LEN+1];
unsigned char auth_sesskey[16];
unsigned char auth_pass[40];
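Review bot: the type change on `userlen, auth_pass_len` in `ora9_salt_t` makes both fields signed, but only `userlen` needs to hold a negative value (it is the one tested with `< 0` in get_salt()). Consider declaring `int userlen;` on its own line and leaving `auth_pass_len` as `unsigned int`, with a short comment saying why `userlen` is signed, so that later length arithmetic or comparisons on `auth_pass_len` do not pick up a signedness change unintentionally.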
Expand Down Expand Up @@ -331,6 +331,8 @@ static void *get_salt(char *ciphertext)
strncpy((char*)tmp, ciphertext, cp-ciphertext);
tmp[cp-ciphertext] = 0;
salt.userlen = enc_to_utf16_be(salt.user, MAX_USERNAME_LEN, tmp, cp-ciphertext);
if (salt.userlen < 0)
salt.userlen = strlen16(salt.user);
salt.userlen *= 2;
base64_convert(cp+1,e_b64_hex,32,salt.auth_sesskey,e_b64_raw,16,0,0);
cp = strchr(cp+1, '$') + 1;
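Review bot: the fallback `salt.userlen = strlen16(salt.user);` under `if (salt.userlen < 0)` relies on enc_to_utf16_be() having left a terminated, partially converted string in `salt.user` when it returns a negative value, and nothing in this hunk shows or documents that. Add a comment stating what a negative return means and that the buffer is terminated on that path (or terminate `salt.user` explicitly before calling strlen16()), and mention that the truncated user name is then used as-is, since `salt.userlen *= 2` proceeds with the shortened length.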

2 comments on commit dc632b3

Collaborator

@jfoug jfoug commented on dc632b3 Aug 31, 2016

Is this not a bad fix/hack? You now have a hash that is being processed, but will never be cracked since it is invalid for the encoding type.

@magnumripper
Member Author

Well, it's no different than attacking CP737-made LM hashes using CP850. Garbage in, garbage out. Besides, the user DID get a warning about it.
