Browse Source

be more careful with atoi() result; ok otto

OPENBSD_4_0
deraadt 18 years ago
parent
commit
71a91e8ae3
1 changed files with 5 additions and 3 deletions
  1. +5
    -3
      src/lib/libc/crypt/bcrypt.c

+ 5
- 3
src/lib/libc/crypt/bcrypt.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: bcrypt.c,v 1.19 2004/12/22 17:33:25 otto Exp $ */
/* $OpenBSD: bcrypt.c,v 1.20 2006/04/03 19:55:49 deraadt Exp $ */
/* /*
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@ -183,6 +183,7 @@ bcrypt(const char *key, const char *salt)
u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt"; u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
u_int8_t csalt[BCRYPT_MAXSALT]; u_int8_t csalt[BCRYPT_MAXSALT];
u_int32_t cdata[BCRYPT_BLOCKS]; u_int32_t cdata[BCRYPT_BLOCKS];
int n;
/* Discard "$" identifier */ /* Discard "$" identifier */
salt++; salt++;
@ -214,9 +215,10 @@ bcrypt(const char *key, const char *salt)
return error; return error;
/* Computer power doesn't increase linear, 2^x should be fine */ /* Computer power doesn't increase linear, 2^x should be fine */
logr = atoi(salt);
if (logr > 31)
n = atoi(salt);
if (n > 31 || n < 0)
return error; return error;
logr = (u_int8_t)n;
if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS) if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
return error; return error;


Loading…
Cancel
Save