View | Details | Raw Unified | Return to bug 20616
Collapse All | Expand All

(-)a/crypt/sha256-crypt.c (-1 / +3 lines)
Lines 89-95 Link Here
89
/* Minimum number of rounds.  */
89
/* Minimum number of rounds.  */
90
#define ROUNDS_MIN 1000
90
#define ROUNDS_MIN 1000
91
/* Maximum number of rounds.  */
91
/* Maximum number of rounds.  */
92
#define ROUNDS_MAX 999999999
92
#define ROUNDS_MAX 9999999
93
93
94
94
95
/* Prototypes for local functions.  */
95
/* Prototypes for local functions.  */
Lines 132-137 Link Here
132
      const char *num = salt + sizeof (sha256_rounds_prefix) - 1;
132
      const char *num = salt + sizeof (sha256_rounds_prefix) - 1;
133
      char *endp;
133
      char *endp;
134
      unsigned long int srounds = strtoul (num, &endp, 10);
134
      unsigned long int srounds = strtoul (num, &endp, 10);
135
      if (srounds > ROUNDS_MAX)
136
        return NULL;
135
      if (*endp == '$')
137
      if (*endp == '$')
136
	{
138
	{
137
	  salt = endp + 1;
139
	  salt = endp + 1;
(-)a/crypt/sha512-crypt.c (-1 / +3 lines)
Lines 89-95 Link Here
89
/* Minimum number of rounds.  */
89
/* Minimum number of rounds.  */
90
#define ROUNDS_MIN 1000
90
#define ROUNDS_MIN 1000
91
/* Maximum number of rounds.  */
91
/* Maximum number of rounds.  */
92
#define ROUNDS_MAX 999999999
92
#define ROUNDS_MAX 9999999
93
93
94
94
95
/* Prototypes for local functions.  */
95
/* Prototypes for local functions.  */
Lines 132-137 Link Here
132
      const char *num = salt + sizeof (sha512_rounds_prefix) - 1;
132
      const char *num = salt + sizeof (sha512_rounds_prefix) - 1;
133
      char *endp;
133
      char *endp;
134
      unsigned long int srounds = strtoul (num, &endp, 10);
134
      unsigned long int srounds = strtoul (num, &endp, 10);
135
      if (srounds > ROUNDS_MAX)
136
        return NULL;
135
      if (*endp == '$')
137
      if (*endp == '$')
136
	{
138
	{
137
	  salt = endp + 1;
139
	  salt = endp + 1;

Return to bug 20616