shinys000114/libssh
1
0
Fork 0
mirror of https://git.libssh.org/projects/libssh.git synced 2026-02-05 12:50:30 +09:00
Code Issues Packages Projects Releases Wiki Activity

external: Fix a possible buffer overrun in bcrypt_pbkdf

Browse Source 
CID: #1250106

This fixes a 1 byte output overflow for large key length (not reachable
in libssh). Pulled from OpenBSD BCrypt PBKDF implementation.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
This commit is contained in:
Andreas Schneider
2015-05-04 16:39:51 +02:00
parent 4b9916136d
commit cf05e653de
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/external/bcrypt_pbkdf.c vendored
View File

@@ -112,6 +112,7 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
uint8_t *countsalt;
size_t i, j, amt, stride;
uint32_t count;
size_t origkeylen = keylen;
SHA512CTX ctx;
/* nothing crazy */
@@ -161,9 +162,14 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltl
* pbkdf2 deviation: ouput the key material non-linearly.
*/
amt = MIN(amt, keylen);
for (i = 0; i < amt; i++)
key[i * stride + (count - 1)] = out[i];
keylen -= amt;
for (i = 0; i < amt; i++) {
size_t dest = i * stride + (count - 1);
if (dest >= origkeylen) {
break;
}
key[dest] = out[i];
}
keylen -= i;
}
/* zap */