The number of rounds is just two digits in the salt. We've already

verified that they are there via isdigit() so we can convert from
ASCII to an int without using atoi().  OK guenther@ deraadt@

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c
index 04c04e89af8..0e6b00f12d4 100644
--- a/lib/libc/crypt/bcrypt.c
+++ b/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $	*/
+/*	$OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $	*/
 
 /*
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -138,7 +138,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted,
 	if (!isdigit((unsigned char)salt[0]) ||
 	    !isdigit((unsigned char)salt[1]) || salt[2] != '$')
 		goto inval;
-	logr = atoi(salt);
+	logr = (salt[1] - '0') + ((salt[0] - '0') * 10);
 	if (logr < BCRYPT_MINLOGROUNDS || logr > 31)
 		goto inval;
 	/* Computer power doesn't increase linearly, 2^x should be fine */