author | Rich Felker <dalias@aerifal.cx> | 2012-08-29 12:56:12 -0400 |
committer | Rich Felker <dalias@aerifal.cx> | 2012-08-29 12:56:12 -0400 |
commit | 13157b025e7e19f7ecc27ee93e69057b7fda9b37 (patch) | |
tree | e8fdf04dfc0e69d70cd55949ad7420b79da07bcc /src | |
parent | 507b6091fa75903ff05c21a4470b7b7cc3061d0d (diff) | |
anti-DoS rounds count limits for blowfish and des crypt
all of the limits could use review, but err on the side of avoiding
excessive rounds for now.
Diffstat (limited to 'src')
-rw-r--r-- | src/misc/crypt_blowfish.c | 2 | ||||
-rw-r--r-- | src/misc/crypt_des.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/misc/crypt_blowfish.c b/src/misc/crypt_blowfish.c
index d3f79851..bd37be84 100644
--- a/src/misc/crypt_blowfish.c
+++ b/src/misc/crypt_blowfish.c
@@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
 }
 
 count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
- if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
+ if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) {
 return NULL;
 }
 BF_swap(data.binary.salt, 4);
diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c
index 4454a130..d7b2b15a 100644
--- a/src/misc/crypt_des.c
+++ b/src/misc/crypt_des.c
@@ -911,7 +911,7 @@ static char *_crypt_extended_r_uut(const char *_key, const char *_setting, char
 return NULL;
 count |= value << (i - 1) * 6;
 }
- if (!count)
+ if (!count || count > 262143)
 return NULL;
 
 for (i = 5, salt = 0; i < 9; i++) {
|
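Review bot: The new `count > 2048` bound in crypt_blowfish.c rejects every otherwise-acceptable bcrypt setting with cost 12 or higher (count is 1 << cost, so cost 12 already yields 4096) and does so by returning NULL, the same result as for a malformed setting, so a caller verifying a hash that was generated elsewhere with a higher cost cannot tell "unsupported cost" from "bad input". Both limits are bare literals with no statement of the rationale, and the crypt_des.c hunk has the same issue with `262143` (2^18 - 1). Since the commit message itself says the values need review, record the reasoning at the check, e.g. `/* anti-DoS cap: refuse cost > 11 (count > 2048); treated like a malformed setting */` here and `/* anti-DoS cap: refuse more than 2^18-1 iterations; treated like a malformed setting */` in crypt_des.c. Both BF_crypt and _crypt_extended_r_uut start and end outside their hunks, and `min` is computed outside the blowfish hunk.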