sodium ext: check hash length for scrypt
authorFrank Denis <github@pureftpd.org>
Sun, 30 Jul 2017 13:00:03 +0000 (15:00 +0200)
committerFrank Denis <github@pureftpd.org>
Sun, 30 Jul 2017 13:00:03 +0000 (15:00 +0200)
ext/sodium/libsodium.c

index 4a7453a7f20ee44c5740e4a57cede9642fe74a9d..6024d8d12059cd529b30fbd5b33fc82c1c38db46 100644 (file)
@@ -1670,7 +1670,7 @@ PHP_FUNCTION(sodium_crypto_pwhash_scryptsalsa208sha256)
                                                          &passwd, &passwd_len,
                                                          &salt, &salt_len,
                                                          &opslimit, &memlimit) == FAILURE ||
-               hash_len <= 0 || hash_len >= SIZE_MAX ||
+               hash_len <= 0 || hash_len >= SIZE_MAX || hash_len > 0x1fffffffe0ULL ||
                opslimit <= 0 || memlimit <= 0 || memlimit > SIZE_MAX) {
                zend_throw_exception(sodium_exception_ce, "invalid parameters", 0);
                return;
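Review bot: The new bound `hash_len > 0x1fffffffe0ULL` in the parameter check is a bare literal with no explanation. It equals (2^32 - 1) * 32, the maximum derived-key length scrypt can produce, and the line should say so, for example `/* scrypt output limit: (2^32 - 1) * 32 bytes */`, or use libsodium's `crypto_pwhash_scryptsalsa208sha256_BYTES_MAX` if the minimum supported libsodium version defines it. hash_len appears to be signed (it is tested with `<= 0`), so the comparison against an unsigned long long literal is only safe because the `<= 0` test short-circuits first; on builds where hash_len is 32 bits wide the new test can never be true and may draw a tautological-comparison warning. The function body starts and ends outside the hunk, so the declaration of hash_len and the later allocation are not visible here.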