From 629b11ace4d06660bae04ea3e03ea2fe9455d522 Mon Sep 17 00:00:00 2001 From: millert <> Date: Sun, 13 Sep 2015 12:42:39 +0000 Subject: The number of rounds is just two digits in the salt. We've already verified that they are there via isdigit() so we can convert from ASCII to an int without using atoi(). OK guenther@ deraadt@ --- src/lib/libc/crypt/bcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/lib/libc') diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c index 04c04e89af..0e6b00f12d 100644 --- a/src/lib/libc/crypt/bcrypt.c +++ b/src/lib/libc/crypt/bcrypt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bcrypt.c,v 1.53 2015/07/18 00:56:37 tedu Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.54 2015/09/13 12:42:39 millert Exp $ */ /* * Copyright (c) 2014 Ted Unangst @@ -138,7 +138,7 @@ bcrypt_hashpass(const char *key, const char *salt, char *encrypted, if (!isdigit((unsigned char)salt[0]) || !isdigit((unsigned char)salt[1]) || salt[2] != '$') goto inval; - logr = atoi(salt); + logr = (salt[1] - '0') + ((salt[0] - '0') * 10); if (logr < BCRYPT_MINLOGROUNDS || logr > 31) goto inval; /* Computer power doesn't increase linearly, 2^x should be fine */ -- cgit v1.2.3-55-g6feb