diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-06-05 10:35:31 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-06-05 10:35:31 +0000 |
commit | 2cc6951fc6adb8900f32e03050b3e18cfaa14bb0 (patch) | |
tree | 7b0afb3c5fe692fb9c7bf132fe39e07e8b8cc8d3 | |
parent | 0bcf21d7a716cc37dd9078e6d833095aed00244a (diff) | |
download | gnutls-2cc6951fc6adb8900f32e03050b3e18cfaa14bb0.tar.gz |
better checking of return value of rindex
-rw-r--r-- | lib/crypt_bcrypt.c | 11 | ||||
-rw-r--r-- | lib/crypt_srpsha1.c | 7 |
2 files changed, 15 insertions, 3 deletions
diff --git a/lib/crypt_bcrypt.c b/lib/crypt_bcrypt.c index d7d93042e4..46f952f9e7 100644 --- a/lib/crypt_bcrypt.c +++ b/lib/crypt_bcrypt.c @@ -596,7 +596,7 @@ char *crypt_bcrypt(const char *passwd, const char *salt, MPI g, MPI n) uint8 *csalt; uint8 *rtext; uint8 cost; - int i, salt_size = strlen(salt); + int i, salt_size = strlen(salt), len; unsigned char *local_salt, *v; int passwd_len, vsize; opaque *tmp; @@ -615,7 +615,14 @@ char *crypt_bcrypt(const char *passwd, const char *salt, MPI g, MPI n) } sp++; - if (_gnutls_sbase64_decode(sp, (int)rindex(sp, ':') - (int)sp, &csalt) < 0) { + len = (int)rindex(sp, ':'); + if (len==0) { /* no ':' was found */ + gnutls_assert(); + return NULL; + } + len -= (int) sp; + + if (_gnutls_sbase64_decode(sp, len, &csalt) < 0) { gnutls_assert(); return NULL; } diff --git a/lib/crypt_srpsha1.c b/lib/crypt_srpsha1.c index ff41d9ec39..91960ac914 100644 --- a/lib/crypt_srpsha1.c +++ b/lib/crypt_srpsha1.c @@ -62,7 +62,12 @@ char *crypt_srpsha1(const char *username, const char *passwd, } sp++; - len = (int)rindex(sp, ':') - (int)sp; + len = (int)rindex(sp, ':'); + if (len==0) { /* parse error */ + gnutls_assert(); + return NULL; + } + len -= (int)sp; rsalt_size = _gnutls_sbase64_decode(sp, len, &csalt); if (rsalt_size < 0) { |