diff options
author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2006-04-03 19:55:50 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2006-04-03 19:55:50 +0000 |
commit | 8f584324c1fc27e7aba73120215c9630a059fc16 (patch) | |
tree | 1dd2efc25551c549470bb8fe5c7b36ff199cae2a /lib/libc/crypt | |
parent | a5936c2b25d9af2cf631a1c83a69f28e389764d7 (diff) |
be more careful with atoi() result; ok otto
Diffstat (limited to 'lib/libc/crypt')
-rw-r--r-- | lib/libc/crypt/bcrypt.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c index 6e1ae04e1b5..cdc2dd05a6a 100644 --- a/lib/libc/crypt/bcrypt.c +++ b/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.19 2004/12/22 17:33:25 otto Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.20 2006/04/03 19:55:49 deraadt Exp $ */ /* * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de> @@ -183,6 +183,7 @@ bcrypt(const char *key, const char *salt) u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt"; u_int8_t csalt[BCRYPT_MAXSALT]; u_int32_t cdata[BCRYPT_BLOCKS]; + int n; /* Discard "$" identifier */ salt++; @@ -214,9 +215,10 @@ bcrypt(const char *key, const char *salt) return error; /* Computer power doesn't increase linear, 2^x should be fine */ - logr = atoi(salt); - if (logr > 31) + n = atoi(salt); + if (n > 31 || n < 0) return error; + logr = (u_int8_t)n; if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS) return error; |