fgets: avoid arithmetic overflow when n==INT_MIN is passed

[musl] / src / crypt / crypt_sha256.c

diff --git a/src/crypt/crypt_sha256.c b/src/crypt/crypt_sha256.c
index e01a208..e885dc6 100644 (file)
--- a/src/crypt/crypt_sha256.c
+++ b/src/crypt/crypt_sha256.c
@@ -153,7 +153,7 @@ static void sha256_update(struct sha256 *s, const void *m, unsigned long len)
        memcpy(s->buf, p, len);
 }
 
-static unsigned char b64[] =
+static const unsigned char b64[] =
 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
 
 static char *to64(char *s, unsigned int u, int n)
@@ -230,7 +230,7 @@ static char *sha256crypt(const char *key, const char *setting, char *output)
                if (u < ROUNDS_MIN)
                        r = ROUNDS_MIN;
                else if (u > ROUNDS_MAX)
-                       r = ROUNDS_MAX;
+                       return 0;
                else
                        r = u;
                /* needed when rounds is zero prefixed or out of bounds */