The number of rounds is just two digits in the salt. We've already

verified that they are there via isdigit() so we can convert from ASCII to an int without using atoi(). OK guenther@ deraadt@
author: millert <> 2015-09-13 12:42:39 +0000
committer: millert <> 2015-09-13 12:42:39 +0000
commit: 629b11ace4d06660bae04ea3e03ea2fe9455d522 (patch)
tree: 390a499ce2ca95ef863b9b8479909ea9b3a70ba2 /src/lib/libc
parent: 22c85357bfe5c53ac5831efbd4810877f6795bd9 (diff)
download: openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.tar.gz
openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.tar.bz2
openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
index 04c04e89af..0e6b00f12d 100644
--- a/src/lib/libc/crypt/bcrypt.c
+++ b/src/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $        */
+/*      $OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $     */
 /*
 * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -138,7 +138,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted,
        if (!isdigit((unsigned char)salt[0]) ||
            !isdigit((unsigned char)salt[1]) || salt[2] != '$')
                goto inval;
-        logr = atoi(salt);
+        logr = (salt[1] - '0') + ((salt[0] - '0') * 10);
        if (logr < BCRYPT_MINLOGROUNDS || logr > 31)
                goto inval;
        /* Computer power doesn't increase linearly, 2^x should be fine */
author	millert <>	2015-09-13 12:42:39 +0000
committer	millert <>	2015-09-13 12:42:39 +0000
commit	629b11ace4d06660bae04ea3e03ea2fe9455d522 (patch)
tree	390a499ce2ca95ef863b9b8479909ea9b3a70ba2 /src/lib/libc
parent	22c85357bfe5c53ac5831efbd4810877f6795bd9 (diff)
download	openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.tar.gz openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.tar.bz2 openbsd-629b11ace4d06660bae04ea3e03ea2fe9455d522.zip

diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c index 04c04e89af..0e6b00f12d 100644 --- a/src/lib/libc/crypt/bcrypt.c +++ b/src/lib/libc/crypt/bcrypt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $ */	1	/* $OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>	4	* Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -138,7 +138,7 @@ bcrypt_hashpass(const char key, const char salt, char *encrypted,
138	if (!isdigit((unsigned char)salt[0]) \|\|	138	if (!isdigit((unsigned char)salt[0]) \|\|
139	!isdigit((unsigned char)salt[1]) \|\| salt[2] != '$')	139	!isdigit((unsigned char)salt[1]) \|\| salt[2] != '$')
140	goto inval;	140	goto inval;
141	logr = atoi(salt);	141	logr = (salt[1] - '0') + ((salt[0] - '0') * 10);
142	if (logr < BCRYPT_MINLOGROUNDS \|\| logr > 31)	142	if (logr < BCRYPT_MINLOGROUNDS \|\| logr > 31)
143	goto inval;	143	goto inval;
144	/* Computer power doesn't increase linearly, 2^x should be fine */	144	/* Computer power doesn't increase linearly, 2^x should be fine */