shadow-utils/shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
Iker Pedrosa fbc8eba072 libmisc: fix default value in SHA_get_salt_rounds()
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2021-08-17 09:49:01 +02:00

61 lines
1.7 KiB
Diff

From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
From: Mike Gilbert <floppym@gentoo.org>
Date: Sat, 14 Aug 2021 13:24:34 -0400
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
use SHA_ROUNDS_DEFAULT.
Previously, the code fell through, calling shadow_random(-1, -1). This
ultimately set rounds = (unsigned long) -1, which ends up being a very
large number! This then got capped to SHA_ROUNDS_MAX later in the
function.
The new behavior matches BCRYPT_get_salt_rounds().
Bug: https://bugs.gentoo.org/808195
Fixes: https://github.com/shadow-maint/shadow/issues/393
---
libmisc/salt.c | 21 +++++++++++----------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 91d528fd..30eefb9c 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
if ((-1 == min_rounds) && (-1 == max_rounds)) {
rounds = SHA_ROUNDS_DEFAULT;
}
+ else {
+ if (-1 == min_rounds) {
+ min_rounds = max_rounds;
+ }
- if (-1 == min_rounds) {
- min_rounds = max_rounds;
- }
+ if (-1 == max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (-1 == max_rounds) {
- max_rounds = min_rounds;
- }
+ if (min_rounds > max_rounds) {
+ max_rounds = min_rounds;
+ }
- if (min_rounds > max_rounds) {
- max_rounds = min_rounds;
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
}
-
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
} else if (0 == *prefered_rounds) {
rounds = SHA_ROUNDS_DEFAULT;
} else {
--
2.31.1