[Bug 2097] New: if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
bugzilla-daemon at mindrot.org
Thu May 2 19:14:24 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2097
Bug ID: 2097
Summary: if gensalt's log_rounds parameter is set to 31 it does 0 (ZERO) rounds!
Classification: Unclassified
Product: jBCrypt
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: security
Priority: P5
Component: Default
Assignee: djm at mindrot.org
Reporter: rathsfeld at pilodata.de

In the method crypt_raw you are calculating the rounds with:

    int rounds = 1 << log_rounds;

Java's int is a signed type, meaning a 1 << 31 will cause it to flip to
-2147483648

Hence this loop further down will not run at all:

    for (i = 0; i < rounds; i++) {
        key(password);
        key(salt);
    }

rounds needs to be of type long if 31 is supposed to be a valid
parameter!
--
You are receiving this mail because:
You are watching the assignee of the bug.
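
The overflow described in this report, as an added example that is not part of the original message and not jBCrypt source: it compares the int and long round counts and scans a cost range for values where the loop would not run 2^cost times. The class and method names are hypothetical, and the range 4..31 is an assumption taken from bcrypt's usual cost limits.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; not jBCrypt code. All names are hypothetical.
public class RoundsOverflowDemo {

    // The computation quoted in the report: a shift evaluated as a signed 32-bit int.
    static int roundsInt(int logRounds) {
        return 1 << logRounds;
    }

    // The report's suggestion: hold the round count in a 64-bit long.
    static long roundsLong(int logRounds) {
        return 1L << logRounds;
    }

    // Times the body of `for (i = 0; i < rounds; i++)` runs for a given bound.
    // Assumes the counter is as wide as the bound: with an int counter and a
    // long bound of 2^31, `i < rounds` never becomes false and i wraps around.
    static long loopIterations(long rounds) {
        return Math.max(rounds, 0L);
    }

    // Regression check: list every cost in [min, max] for which the int
    // computation does not give exactly 2^cost iterations.
    static List<Integer> brokenCosts(int min, int max) {
        List<Integer> bad = new ArrayList<>();
        for (int cost = min; cost <= max; cost++) {
            long expected = 1L << cost;
            if (loopIterations(roundsInt(cost)) != expected) {
                bad.add(cost);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        for (int cost : new int[] {4, 12, 30, 31}) {
            System.out.printf(
                "log_rounds=%d int rounds=%d iterations=%d | long rounds=%d iterations=%d%n",
                cost, roundsInt(cost), loopIterations(roundsInt(cost)),
                roundsLong(cost), loopIterations(roundsLong(cost)));
        }
        // Assumed valid cost range 4..31.
        System.out.println("costs with wrong iteration count: " + brokenCosts(4, 31));
    }
}
```

A check like brokenCosts can run as a unit test, so that any accepted cost value that produces fewer iterations than requested fails the build rather than silently weakening the hash.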