From 09f67ccdde6468a0108ab70b740e3a4416a36365 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Tue, 8 Apr 2014 14:20:01 +0000 Subject: [PATCH] fix an error in the stride calculations. the math only works for multiples of the stride. don't overwrite past the end of the buffer, and also save that amount for later so the array is completely filled. ok deraadt djm reported by Dmitry Chestnykh (dchest) --- src/lib/libutil/bcrypt_pbkdf.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/lib/libutil/bcrypt_pbkdf.c b/src/lib/libutil/bcrypt_pbkdf.c index 22725e69..8275b66b 100644 --- a/src/lib/libutil/bcrypt_pbkdf.c +++ b/src/lib/libutil/bcrypt_pbkdf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt_pbkdf.c,v 1.6 2014/01/31 16:56:32 tedu Exp $ */ +/* $OpenBSD: bcrypt_pbkdf.c,v 1.7 2014/04/08 14:20:01 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * @@ -104,6 +104,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl uint8_t countsalt[4]; size_t i, j, amt, stride; uint32_t count; + size_t origkeylen = keylen; /* nothing crazy */ if (rounds < 1) @@ -149,9 +150,13 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl * pbkdf2 deviation: ouput the key material non-linearly. */ amt = MIN(amt, keylen); - for (i = 0; i < amt; i++) - key[i * stride + (count - 1)] = out[i]; - keylen -= amt; + for (i = 0; i < amt; i++) { + size_t dest = i * stride + (count - 1); + if (dest >= origkeylen) + break; + key[dest] = out[i]; + } + keylen -= i; } /* zap */