projects / oweals / musl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ef2b5e9) | patch
in crypt-sha*, reject excessive rounds as error rather than clamping
authorRich Felker <dalias@aerifal.cx>
Tue, 16 Feb 2016 22:38:07 +0000 (17:38 -0500)
committerRich Felker <dalias@aerifal.cx>
Tue, 16 Feb 2016 22:38:07 +0000 (17:38 -0500)
commitcf115059ba0ecd611008c89c78c37b62f8e6d6af
treeb54cd9ffab93bfe1eafcf6c084b5cc2fec9397edtree | snapshot
parentef2b5e9f13a7f216d6d64aeccc6b33c1262faececommit | diff
in crypt-sha*, reject excessive rounds as error rather than clamping

the reference implementation clamps rounds to [1000,999999999]. we
further limited rounds to at most 9999999 as a defense against extreme
run times, but wrongly clamped instead of treating out-of-bounds
values as an error, thereby producing implementation-specific hash
results. fixing this should not break anything since values of rounds
this high are not useful anyway.
src/crypt/crypt_sha256.c diff | blob | history
src/crypt/crypt_sha512.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.