apr-commits mailing list archives

From yla...@apache.org
Subject svn commit: r1773929 - /apr/apr/trunk/crypto/crypt_blowfish.c
Date Tue, 13 Dec 2016 08:36:47 GMT
Author: ylavic
Date: Tue Dec 13 08:36:47 2016
New Revision: 1773929

URL: http://svn.apache.org/viewvc?rev=1773929&view=rev
Log:
apr_crypto: blowfish: follow up to r1772803: also cap hash verification time.


Modified:
    apr/apr/trunk/crypto/crypt_blowfish.c

Modified: apr/apr/trunk/crypto/crypt_blowfish.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?rev=1773929&r1=1773928&r2=1773929&view=diff
==============================================================================
--- apr/apr/trunk/crypto/crypt_blowfish.c (original)
+++ apr/apr/trunk/crypto/crypt_blowfish.c Tue Dec 13 08:36:47 2016
@@ -684,7 +684,8 @@ static char *BF_crypt(const char *key, c
 	}
 
 	count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
-	if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
+	if (count < min || count > 17 ||
+	    BF_decode(data.binary.salt, &setting[7], 16)) {
 		__set_errno(EINVAL);
 		return NULL;
 	}
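
Review bot: The new test `count > 17` bounds the iteration count rather than the cost exponent. `count` is `(BF_word)1 << cost` on the context line just above, so it is always a power of two: any cost of 5 or more yields at least 32 and now returns EINVAL, and only counts up to 16 (cost 4 or lower, subject to `min`) get past this check. If the intent of "cap hash verification time" is to limit the cost to 17, compare against the shifted value, for example `count > ((BF_word)1 << 17)`, or test the decoded cost before the shift. A named constant with a one-line comment would also be clearer than the bare 17, and would let this check share its limit with the one from r1772803 if that change uses the same value.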


