61 lines
1.7 KiB
Diff
61 lines
1.7 KiB
Diff
From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
|
|
From: Mike Gilbert <floppym@gentoo.org>
|
|
Date: Sat, 14 Aug 2021 13:24:34 -0400
|
|
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
|
|
|
|
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
|
|
use SHA_ROUNDS_DEFAULT.
|
|
|
|
Previously, the code fell through, calling shadow_random(-1, -1). This
|
|
ultimately set rounds = (unsigned long) -1, which ends up being a very
|
|
large number! This then got capped to SHA_ROUNDS_MAX later in the
|
|
function.
|
|
|
|
The new behavior matches BCRYPT_get_salt_rounds().
|
|
|
|
Bug: https://bugs.gentoo.org/808195
|
|
Fixes: https://github.com/shadow-maint/shadow/issues/393
|
|
---
|
|
libmisc/salt.c | 21 +++++++++++----------
|
|
1 file changed, 11 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/libmisc/salt.c b/libmisc/salt.c
|
|
index 91d528fd..30eefb9c 100644
|
|
--- a/libmisc/salt.c
|
|
+++ b/libmisc/salt.c
|
|
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
|
|
if ((-1 == min_rounds) && (-1 == max_rounds)) {
|
|
rounds = SHA_ROUNDS_DEFAULT;
|
|
}
|
|
+ else {
|
|
+ if (-1 == min_rounds) {
|
|
+ min_rounds = max_rounds;
|
|
+ }
|
|
|
|
- if (-1 == min_rounds) {
|
|
- min_rounds = max_rounds;
|
|
- }
|
|
+ if (-1 == max_rounds) {
|
|
+ max_rounds = min_rounds;
|
|
+ }
|
|
|
|
- if (-1 == max_rounds) {
|
|
- max_rounds = min_rounds;
|
|
- }
|
|
+ if (min_rounds > max_rounds) {
|
|
+ max_rounds = min_rounds;
|
|
+ }
|
|
|
|
- if (min_rounds > max_rounds) {
|
|
- max_rounds = min_rounds;
|
|
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
|
}
|
|
-
|
|
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
|
} else if (0 == *prefered_rounds) {
|
|
rounds = SHA_ROUNDS_DEFAULT;
|
|
} else {
|
|
--
|
|
2.31.1
|
|
|