https://bugzilla.mindrot.org/show_bug.cgi?id=2097

            Bug ID: 2097
           Summary: if gensalt's log_rounds parameter is set to 31 it does
                    0 (ZERO) rounds!
    Classification: Unclassified
           Product: jBCrypt
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: security
          Priority: P5
         Component: Default
          Assignee: [email protected]
          Reporter: [email protected]

In the method crypt_raw you are calculating the rounds with:
int rounds = 1 << log_rounds;

Java's int is a signed type, meaning 1 << 31 will cause it to flip to
-2147483648.

Hence this loop further down will not run at all:

for (i = 0; i < rounds; i++) {
    key(password);
    key(salt);
}


rounds needs to be of type long if 31 is supposed to be a valid
parameter!

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
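
The arithmetic described in the report, as an added example that is not part of the original report or of jBCrypt's code: it compares the 32-bit shift with a validated 64-bit one and counts how often the quoted loop would run. The class and method names, the sample inputs and the 4..31 range check are assumptions of this example.

```java
public class RoundsOverflowDemo {
    // The expression quoted in the report: the shift is evaluated in 32-bit signed int.
    // Java also masks an int shift count to its low 5 bits, so 1 << 32 == 1.
    static int roundsAsInt(int logRounds) {
        return 1 << logRounds;
    }

    // Number of times `for (i = 0; i < rounds; i++)` executes, computed without looping.
    static long iterations(long rounds) {
        return Math.max(0L, rounds);
    }

    // Hypothetical guard (not jBCrypt code): validate the cost, then shift in 64-bit long.
    // The 4..31 range is an assumption of this example.
    static long checkedRounds(int logRounds) {
        if (logRounds < 4 || logRounds > 31) {
            throw new IllegalArgumentException("log_rounds out of range: " + logRounds);
        }
        long rounds = 1L << logRounds; // 1L, not 1: the literal's type decides the width
        if (rounds <= 0) {
            throw new IllegalStateException("round count overflowed");
        }
        return rounds;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        int[] samples = {4, 12, 30, 31, 32};
        for (int lr : samples) {
            int asInt = roundsAsInt(lr);
            String fixed;
            try {
                fixed = Long.toString(iterations(checkedRounds(lr)));
            } catch (IllegalArgumentException e) {
                fixed = "rejected";
            }
            System.out.printf("log_rounds=%2d int rounds=%11d loop runs=%10d checked=%s%n",
                    lr, asInt, iterations(asInt), fixed);
        }
        // With a long round count the loop counter must be long as well: an int counter
        // wraps to a negative value before reaching 2^31 and the loop never terminates.
    }
}
```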