anti-DoS rounds count limits for blowfish and des crypt

all of the limits could use review, but err on the side of avoiding
excessive rounds for now.

diff --git a/src/misc/crypt_blowfish.c b/src/misc/crypt_blowfish.c
index d3f798517e872099ffad66e783e2e1e3be3e84dd..bd37be84c1e996f9fcfc557ab5afdde1475dbe9a 100644 (file)
--- a/src/misc/crypt_blowfish.c
+++ b/src/misc/crypt_blowfish.c
@@ -625,7 +625,7 @@ static char *BF_crypt(const char *key, const char *setting,
        }
 
        count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
-       if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
+       if (count < min || count > 2048 || BF_decode(data.binary.salt, &setting[7], 16)) {
                return NULL;
        }
        BF_swap(data.binary.salt, 4);

diff --git a/src/misc/crypt_des.c b/src/misc/crypt_des.c
index 4454a130de79208089875ecc6c29a067a9763752..d7b2b15af40be3bdc71b5554f154e11615b35758 100644 (file)
--- a/src/misc/crypt_des.c
+++ b/src/misc/crypt_des.c
@@ -911,7 +911,7 @@ static char *_crypt_extended_r_uut(const char *_key, const char *_setting, char
                                return NULL;
                        count |= value << (i - 1) * 6;
                }
-               if (!count)
+               if (!count || count > 262143)
                        return NULL;
 
                for (i = 5, salt = 0; i < 9; i++) {