>From f8ed7f5e38568fb700f6c4f470b758640bac87ff Mon Sep 17 00:00:00 2001
From: Alexander Cherepanov <ch3root@openwall.com>
Date: Sun, 22 Mar 2015 00:01:20 +0300
Subject: [PATCH] 7z: compute data length from data and bound it

---
 src/7z_fmt_plug.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/7z_fmt_plug.c b/src/7z_fmt_plug.c
index 78f7a4f..ae40a63 100644
--- a/src/7z_fmt_plug.c
+++ b/src/7z_fmt_plug.c
@@ -195,13 +195,14 @@ static void *get_salt(char *ciphertext)
 	p = strtokm(NULL, "$"); /* crc */
 	cs->crc = atou(p); /* unsigned function */
 	p = strtokm(NULL, "$");
-	cs->length = atoi(p);
+        /* ignore data length taken from the hash */
 	p = strtokm(NULL, "$");
 	cs->unpacksize = atoi(p);
 	p = strtokm(NULL, "$"); /* crc */
-	for (i = 0; i < cs->length; i++)
+	for (i = 0; i < BIG_ENOUGH && p[i * 2] && p[i * 2 + 1]; i++)
 		cs->data[i] = atoi16[ARCH_INDEX(p[i * 2])] * 16
 			+ atoi16[ARCH_INDEX(p[i * 2 + 1])];
+        cs->length = i;
 	MEM_FREE(keeptr);
 	return (void *)cs;
 }
-- 
1.7.10.4