From aabba0bcd2c9f46be67b8024dc2ff7cacb7dc930 Mon Sep 17 00:00:00 2001 From: millert <> Date: Sun, 13 Sep 2015 12:42:39 +0000 Subject: The number of rounds is just two digits in the salt. We've already verified that they are there via isdigit() so we can convert from ASCII to an int without using atoi(). OK guenther@ deraadt@ --- src/lib/libc/crypt/bcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c index 04c04e89af..0e6b00f12d 100644 --- a/src/lib/libc/crypt/bcrypt.c +++ b/src/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $ */ /* * Copyright (c) 2014 Ted Unangst @@ -138,7 +138,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, if (!isdigit((unsigned char)salt[0]) || !isdigit((unsigned char)salt[1]) || salt[2] != '$') goto inval; - logr = atoi(salt); + logr = (salt[1] - '0') + ((salt[0] - '0') * 10); if (logr < BCRYPT_MINLOGROUNDS || logr > 31) goto inval; /* Computer power doesn't increase linearly, 2^x should be fine */ -- cgit v1.2.3-55-g6feb