
The number of rounds is just two digits in the salt. We've already
verified that they are there via isdigit() so we can convert from
ASCII to an int without using atoi(). OK guenther@ deraadt@
OPENBSD_5_9
millert 9 years ago
parent
commit
adeece9d95
1 changed files with 2 additions and 2 deletions
src/lib/libc/crypt/bcrypt.c (+2, -2)

@ -1,4 +1,4 @@
/* $OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $ */
/* $OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $ */
/*
* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@ -138,7 +138,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted,
if (!isdigit((unsigned char)salt[0]) ||
!isdigit((unsigned char)salt[1]) || salt[2] != '$')
goto inval;
logr = atoi(salt);
logr = (salt[1] - '0') + ((salt[0] - '0') * 10);
if (logr < BCRYPT_MINLOGROUNDS || logr > 31)
goto inval;
/* Computer power doesn't increase linearly, 2^x should be fine */
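
Review bot: The new logr assignment in bcrypt_hashpass() has no comment saying it is only valid because of the isdigit() checks on salt[0] and salt[1] directly above it. A one-line comment on that line would guard against a later edit moving or relaxing those checks and feeding non-digit bytes into the subtraction. The range test on the next line (logr < BCRYPT_MINLOGROUNDS || logr > 31) would still bound the value in that case, but it would no longer be the number written in the salt. As a style point, the parentheses around (salt[0] - '0') * 10 are redundant.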

