be more careful with atoi() result; ok otto

author: deraadt <deraadt@openbsd.org> 2006-04-03 19:55:49 +0000
committer: deraadt <deraadt@openbsd.org> 2006-04-03 19:55:49 +0000
commit: 21e836b7923fbbacf5d5979f5e47767f1eab21d7 (patch)
tree: c45757fb137abb2ec10f1bed7f33fa0c3280f739 /lib/libc
parent: sync (diff)
download: wireguard-openbsd-21e836b7923fbbacf5d5979f5e47767f1eab21d7.tar.xz
wireguard-openbsd-21e836b7923fbbacf5d5979f5e47767f1eab21d7.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/libc/crypt/bcrypt.c b/lib/libc/crypt/bcrypt.c
index 6e1ae04e1b5..cdc2dd05a6a 100644
--- a/lib/libc/crypt/bcrypt.c
+++ b/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bcrypt.c,v 1.19 2004/12/22 17:33:25 otto Exp $	*/
+/*	$OpenBSD: bcrypt.c,v 1.20 2006/04/03 19:55:49 deraadt Exp $	*/
 
 /*
  * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
@@ -183,6 +183,7 @@ bcrypt(const char *key, const char *salt)
 	u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
 	u_int8_t csalt[BCRYPT_MAXSALT];
 	u_int32_t cdata[BCRYPT_BLOCKS];
+	int n;
 
 	/* Discard "$" identifier */
 	salt++;
@@ -214,9 +215,10 @@ bcrypt(const char *key, const char *salt)
 		return error;
 
 	/* Computer power doesn't increase linear, 2^x should be fine */
-	logr = atoi(salt);
-	if (logr > 31)
+	n = atoi(salt);
+	if (n > 31 || n < 0)
 		return error;
+	logr = (u_int8_t)n;
 	if ((rounds = (u_int32_t) 1 << logr) < BCRYPT_MINROUNDS)
 		return error;
author	deraadt <deraadt@openbsd.org>	2006-04-03 19:55:49 +0000
committer	deraadt <deraadt@openbsd.org>	2006-04-03 19:55:49 +0000
commit	21e836b7923fbbacf5d5979f5e47767f1eab21d7 (patch)
tree	c45757fb137abb2ec10f1bed7f33fa0c3280f739 /lib/libc
parent	sync (diff)
download	wireguard-openbsd-21e836b7923fbbacf5d5979f5e47767f1eab21d7.tar.xz wireguard-openbsd-21e836b7923fbbacf5d5979f5e47767f1eab21d7.zip