projects / musl / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
anti-DoS rounds count limits for blowfish and des crypt
[musl] / src / misc / crypt_blowfish.c
diff --git a/src/misc/crypt_blowfish.c b/src/misc/crypt_blowfish.c
index d3f7985..bd37be8 100644 (file)
--- a/src/misc/crypt_blowfish.c
+++ b/src/misc/crypt_blowfish.c
@@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
        }
 
        count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
        }
 
        count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
-       if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
+       if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) {
                return NULL;
        }
        BF_swap(data.binary.salt, 4);
                return NULL;
        }
        BF_swap(data.binary.salt, 4);
musl