summaryrefslogtreecommitdiff
path: root/lib/libc/crypt
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2006-04-03 19:55:50 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2006-04-03 19:55:50 +0000
commit8f584324c1fc27e7aba73120215c9630a059fc16 (patch)
tree1dd2efc25551c549470bb8fe5c7b36ff199cae2a /lib/libc/crypt
parenta5936c2b25d9af2cf631a1c83a69f28e389764d7 (diff)
be more careful with atoi() result; ok otto
Diffstat (limited to 'lib/libc/crypt')
-rw-r--r--lib/libc/crypt/bcrypt.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c
index 6e1ae04e1b5..cdc2dd05a6a 100644
--- a/lib/libc/crypt/bcrypt.c
+++ b/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bcrypt.c,v 1.19 2004/12/22 17:33:25 otto Exp $ */
+/* $OpenBSD: bcrypt.c,v 1.20 2006/04/03 19:55:49 deraadt Exp $ */
/*
* Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@@ -183,6 +183,7 @@ bcrypt(const char *key, const char *salt)
u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
u_int8_t csalt[BCRYPT_MAXSALT];
u_int32_t cdata[BCRYPT_BLOCKS];
+ int n;
/* Discard "$" identifier */
salt++;
@@ -214,9 +215,10 @@ bcrypt(const char *key, const char *salt)
return error;
/* Computer power doesn't increase linear, 2^x should be fine */
- logr = atoi(salt);
- if (logr > 31)
+ n = atoi(salt);
+ if (n > 31 || n < 0)
return error;
+ logr = (u_int8_t)n;
if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
return error;