lib: Silently truncate rbytes after a maximum of 512 bits for sha1crypt.

besser82 · Dec 17, 2021 · 9014fe9 · 9014fe9
1 parent a74a677
commit 9014fe9
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/crypt-pbkdf1-sha1.c b/lib/crypt-pbkdf1-sha1.c
@@ -200,6 +200,10 @@ gensalt_sha1crypt_rn (unsigned long count,
   static_assert (sizeof (uint32_t) == 4,
                  "space calculations below assume 8-bit bytes");
 
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 68 ? 68 : nrbytes);
+
   /* Make sure we have enough random bytes to use for the salt.
      The format supports using up to 48 random bytes, but 12 is
      enough.  We require another 4 bytes of randomness to perturb