diff options
| author | Rich Felker <dalias@aerifal.cx> | 2012-08-29 12:56:12 -0400 |
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2012-08-29 12:56:12 -0400 |
| commit | 13157b025e7e19f7ecc27ee93e69057b7fda9b37 (patch) | |
| tree | e8fdf04dfc0e69d70cd55949ad7420b79da07bcc | |
| parent | 507b6091fa75903ff05c21a4470b7b7cc3061d0d (diff) | |
| download | musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.gz musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.bz2 musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.xz musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.zip | |
anti-DoS rounds count limits for blowfish and des crypt
all of the limits could use review, but err on the side of avoiding
excessive rounds for now.
| -rw-r--r-- | src/misc/crypt_blowfish.c | 2 | ||||
| -rw-r--r-- | src/misc/crypt_des.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/misc/crypt_blowfish.c b/src/misc/crypt_blowfish.c index d3f79851..bd37be84 100644 --- a/src/misc/crypt_blowfish.c +++ b/src/misc/crypt_blowfish.c @@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting, } count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); - if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) { + if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) { return NULL; } BF_swap(data.binary.salt, 4); diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c index 4454a130..d7b2b15a 100644 --- a/src/misc/crypt_des.c +++ b/src/misc/crypt_des.c @@ -911,7 +911,7 @@ static char *_crypt_extended_r_uut(const char *_key, const char *_setting, char return NULL; count |= value << (i - 1) * 6; } - if (!count) + if (!count || count > 262143) return NULL; for (i = 5, salt = 0; i < 9; i++) { |