cheng/libsodium
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Slightly change how the length of argon2 strings is checked

Browse Source
This commit is contained in:
Frank Denis 2016-06-19 23:26:08 +02:00
parent 6fad3644b5
commit 5a3ff833fd
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libsodium/crypto_pwhash/argon2/argon2.c
View File

@ -178,7 +178,7 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
uint8_t *out;
int decode_result;
int ret;
uint32_t encoded_len;
size_t encoded_len;
memset(&ctx, 0, sizeof ctx);
@ -188,10 +188,13 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
ctx.secretlen = 0;
/* max values, to be updated in decode_string */
encoded_len = (uint32_t) strlen(encoded);
ctx.adlen = encoded_len;
ctx.saltlen = encoded_len;
ctx.outlen = encoded_len;
encoded_len = strlen(encoded);
if (encoded_len > UINT32_MAX) {
return ARGON2_DECODING_LENGTH_FAIL;
}
ctx.adlen = (uint32_t) encoded_len;
ctx.saltlen = (uint32_t) encoded_len;
ctx.outlen = (uint32_t) encoded_len;
ctx.ad = (uint8_t *) malloc(ctx.adlen);
ctx.salt = (uint8_t *) malloc(ctx.saltlen);