summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2012-08-29 12:56:12 -0400
committerRich Felker <dalias@aerifal.cx>2012-08-29 12:56:12 -0400
commit13157b025e7e19f7ecc27ee93e69057b7fda9b37 (patch)
treee8fdf04dfc0e69d70cd55949ad7420b79da07bcc /src
parent507b6091fa75903ff05c21a4470b7b7cc3061d0d (diff)
downloadmusl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.gz
musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.bz2
musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.tar.xz
musl-13157b025e7e19f7ecc27ee93e69057b7fda9b37.zip
anti-DoS rounds count limits for blowfish and des crypt
all of the limits could use review, but err on the side of avoiding excessive rounds for now.
Diffstat (limited to 'src')
-rw-r--r--src/misc/crypt_blowfish.c2
-rw-r--r--src/misc/crypt_des.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/misc/crypt_blowfish.c b/src/misc/crypt_blowfish.c
index d3f79851..bd37be84 100644
--- a/src/misc/crypt_blowfish.c
+++ b/src/misc/crypt_blowfish.c
@@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
}
count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
- if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
+ if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) {
return NULL;
}
BF_swap(data.binary.salt, 4);
diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c
index 4454a130..d7b2b15a 100644
--- a/src/misc/crypt_des.c
+++ b/src/misc/crypt_des.c
@@ -911,7 +911,7 @@ static char *_crypt_extended_r_uut(const char *_key, const char *_setting, char
return NULL;
count |= value << (i - 1) * 6;
}
- if (!count)
+ if (!count || count > 262143)
return NULL;
for (i = 5, salt = 0; i < 9; i++) {