diff options
| author | Yann Ylavic <ylavic@apache.org> | 2016-12-13 08:36:47 +0000 |
|---|---|---|
| committer | Yann Ylavic <ylavic@apache.org> | 2016-12-13 08:36:47 +0000 |
| commit | b0a6f801b2860efa402108a35756f52f59a8c0fb (patch) | |
| tree | 565c2fb5a5d132def01c234e67e5f9f98835a8f0 /crypto/crypt_blowfish.c | |
| parent | 7f8678701f5abb1bf1475061c9fd5e31766a95e2 (diff) | |
| download | apr-b0a6f801b2860efa402108a35756f52f59a8c0fb.tar.gz | |
apr_crypto: blowfish: follow up to r1772803: also cap hash verification time.
Reverted in r1774976.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1773929 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'crypto/crypt_blowfish.c')
| -rw-r--r-- | crypto/crypt_blowfish.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/crypt_blowfish.c b/crypto/crypt_blowfish.c index 013c1ed82..23580c2b4 100644 --- a/crypto/crypt_blowfish.c +++ b/crypto/crypt_blowfish.c @@ -684,7 +684,8 @@ static char *BF_crypt(const char *key, const char *setting, } count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0')); - if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) { + if (count < min || count > 17 || + BF_decode(data.binary.salt, &setting[7], 16)) { __set_errno(EINVAL); return NULL; } |