Browse Source

sticking strlen into a char leads to wraparound at 256. fix this and

introduce a new 'b' hash minor. still generate 'a' minors for now.
reported by solar designer. diff by some combination of solar and jca.
ok deraadt
OPENBSD_5_5
tedu 11 years ago
parent
commit
ddd68ca1c6
1 changed files with 18 additions and 5 deletions
  1. +18
    -5
      src/lib/libc/crypt/bcrypt.c

+ 18
- 5
src/lib/libc/crypt/bcrypt.c View File

@ -1,4 +1,4 @@
/* $OpenBSD: bcrypt.c,v 1.26 2013/12/19 14:31:07 deraadt Exp $ */
/* $OpenBSD: bcrypt.c,v 1.27 2014/02/17 08:58:50 tedu Exp $ */
/*
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@ -168,7 +168,8 @@ bcrypt(const char *key, const char *salt)
blf_ctx state;
u_int32_t rounds, i, k;
u_int16_t j;
u_int8_t key_len, salt_len, logr, minor;
size_t key_len;
u_int8_t salt_len, logr, minor;
u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
u_int8_t csalt[BCRYPT_MAXSALT];
u_int32_t cdata[BCRYPT_BLOCKS];
@ -185,8 +186,8 @@ bcrypt(const char *key, const char *salt)
/* Check for minor versions */
if (salt[1] != '$') {
switch (salt[1]) {
case 'a':
/* 'ab' should not yield the same as 'abab' */
case 'a': /* 'ab' should not yield the same as 'abab' */
case 'b': /* cap input length at 72 bytes */
minor = salt[1];
salt++;
break;
@ -220,7 +221,19 @@ bcrypt(const char *key, const char *salt)
/* We dont want the base64 salt but the raw data */
decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
salt_len = BCRYPT_MAXSALT;
key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
if (minor <= 'a')
key_len = (u_int8_t)(strlen(key) + (minor >= 'a' ? 1 : 0));
else {
/* strlen() returns a size_t, but the function calls
* below result in implicit casts to a narrower integer
* type, so cap key_len at the actual maximum supported
* length here to avoid integer wraparound */
key_len = strlen(key);
if (key_len > 72)
key_len = 72;
if (minor >= 'a')
key_len++; /* include the NUL */
}
/* Setting up S-Boxes and Subkeys */
Blowfish_initstate(&state);


Loading…
Cancel
Save