]> granicus.if.org Git - musl/commitdiff
in crypt-sha*, reject excessive rounds as error rather than clamping
authorRich Felker <dalias@aerifal.cx>
Tue, 16 Feb 2016 22:38:07 +0000 (17:38 -0500)
committerRich Felker <dalias@aerifal.cx>
Tue, 16 Feb 2016 22:38:07 +0000 (17:38 -0500)
the reference implementation clamps rounds to [1000,999999999]. we
further limited rounds to at most 9999999 as a defense against extreme
run times, but wrongly clamped instead of treating out-of-bounds
values as an error, thereby producing implementation-specific hash
results. fixing this should not break anything since values of rounds
this high are not useful anyway.

src/crypt/crypt_sha256.c
src/crypt/crypt_sha512.c

index d5f0b786df252fae553271f276f61ed8c7f9e87d..e885dc68e3c5b7260c0d1aace28872f837bf4322 100644 (file)
@@ -230,7 +230,7 @@ static char *sha256crypt(const char *key, const char *setting, char *output)
                if (u < ROUNDS_MIN)
                        r = ROUNDS_MIN;
                else if (u > ROUNDS_MAX)
-                       r = ROUNDS_MAX;
+                       return 0;
                else
                        r = u;
                /* needed when rounds is zero prefixed or out of bounds */
index 1294e98be78f5c364e8b744c535bd5d25b43a2f3..39970cafe87154ddddac5238d2ba3ff2c62859a5 100644 (file)
@@ -252,7 +252,7 @@ static char *sha512crypt(const char *key, const char *setting, char *output)
                if (u < ROUNDS_MIN)
                        r = ROUNDS_MIN;
                else if (u > ROUNDS_MAX)
-                       r = ROUNDS_MAX;
+                       return 0;
                else
                        r = u;
                /* needed when rounds is zero prefixed or out of bounds */