From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001 From: Mike Gilbert Date: Sat, 14 Aug 2021 13:24:34 -0400 Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds() If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified, use SHA_ROUNDS_DEFAULT. Previously, the code fell through, calling shadow_random(-1, -1). This ultimately set rounds = (unsigned long) -1, which ends up being a very large number! This then got capped to SHA_ROUNDS_MAX later in the function. The new behavior matches BCRYPT_get_salt_rounds(). Bug: https://bugs.gentoo.org/808195 Fixes: https://github.com/shadow-maint/shadow/issues/393 --- libmisc/salt.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/libmisc/salt.c b/libmisc/salt.c index 91d528fd..30eefb9c 100644 --- a/libmisc/salt.c +++ b/libmisc/salt.c @@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre if ((-1 == min_rounds) && (-1 == max_rounds)) { rounds = SHA_ROUNDS_DEFAULT; } + else { + if (-1 == min_rounds) { + min_rounds = max_rounds; + } - if (-1 == min_rounds) { - min_rounds = max_rounds; + if (-1 == max_rounds) { + max_rounds = min_rounds; + } + + if (min_rounds > max_rounds) { + max_rounds = min_rounds; + } + + rounds = (unsigned long) shadow_random (min_rounds, max_rounds); } - - if (-1 == max_rounds) { - max_rounds = min_rounds; - } - - if (min_rounds > max_rounds) { - max_rounds = min_rounds; - } - - rounds = (unsigned long) shadow_random (min_rounds, max_rounds); } else if (0 == *prefered_rounds) { rounds = SHA_ROUNDS_DEFAULT; } else {