From 9014fe9da9dfedc424f715b0c9ad65b138296bc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Fri, 17 Dec 2021 15:55:36 +0100
Subject: [PATCH] lib: Silently truncate rbytes after a maximum of 512 bits for
 sha1crypt.

---
 lib/crypt-pbkdf1-sha1.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/crypt-pbkdf1-sha1.c b/lib/crypt-pbkdf1-sha1.c
index 5e320d04..2d18da56 100644
--- a/lib/crypt-pbkdf1-sha1.c
+++ b/lib/crypt-pbkdf1-sha1.c
@@ -200,6 +200,10 @@ gensalt_sha1crypt_rn (unsigned long count,
   static_assert (sizeof (uint32_t) == 4,
                  "space calculations below assume 8-bit bytes");
 
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 68 ? 68 : nrbytes);
+
   /* Make sure we have enough random bytes to use for the salt.
      The format supports using up to 48 random bytes, but 12 is
      enough.  We require another 4 bytes of randomness to perturb