Module Name: src
Committed By: nia
Date: Tue Oct 12 09:40:39 UTC 2021
Modified Files:
src/lib/libcrypt: crypt-argon2.c
Log Message:
crypt-argon2: improve resilience of the parser.
Allow the version number to be unspecified as in the argon2 upstream
test suite, properly defaulting to a version if the v= block is
entirely missing, and treating the remaining block as parameters.
Fix a null pointer derefence when the encoded password is unspecified
in the settings string.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/lib/libcrypt/crypt-argon2.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libcrypt/crypt-argon2.c
diff -u src/lib/libcrypt/crypt-argon2.c:1.2 src/lib/libcrypt/crypt-argon2.c:1.3
--- src/lib/libcrypt/crypt-argon2.c:1.2 Thu May 14 08:34:19 2020
+++ src/lib/libcrypt/crypt-argon2.c Tue Oct 12 09:40:38 2021
@@ -95,15 +95,24 @@ static int decode_option(argon2_context
a = strsep(&inp, "$");
- if ((getnum(a, &tmp))<0) { /* on error, default to current */
- /* should start thinking about aborting */
- ctx->version = ARGON2_VERSION_NUMBER;
+ /* parse the version number of the hash, if it's there */
+ if (strncmp(a, "v=", 2) == 0) {
+ a += 2;
+ if ((getnum(a, &tmp))<0) { /* on error, default to current */
+ /* should start thinking about aborting */
+ ctx->version = ARGON2_VERSION_NUMBER;
+ } else {
+ ctx->version = tmp;
+ }
+ a = strsep(&inp, "$");
} else {
- ctx->version = tmp;
+ /*
+ * This is a parameter list, not a version number, use the
+ * default version.
+ */
+ ctx->version = ARGON2_VERSION_NUMBER;
}
- a = strsep(&inp, "$");
-
/* parse labelled argon2 params */
/* m_cost (m)
* t_cost (t)
@@ -143,12 +152,12 @@ static int decode_option(argon2_context
a = strsep(&inp, "$");
- snprintf((char *)ctx->salt,ctx->saltlen, "%s", a);
+ snprintf((char *)ctx->salt, ctx->saltlen, "%s", a);
a = strsep(&inp, "$");
- if (*a) {
- snprintf((char *)ctx->pwd,ctx->pwdlen, "%s", a);
+ if (a) {
+ snprintf((char *)ctx->pwd, ctx->pwdlen, "%s", a);
} else {
/* don't care if passwd hash is missing */
/* if missing, most likely coming from */
@@ -212,7 +221,7 @@ __crypt_argon2(const char *pw, const cha
rc = decode_option(&ctx, &atype, salt);
if (rc < 0) {
- /* unable to parse input params */
+ /* unable to parse input params */
return 0;
}
@@ -221,7 +230,8 @@ __crypt_argon2(const char *pw, const cha
ebuf, sizeof(ebuf), encodebuf, sizeof(encodebuf), atype, ctx.version);
if (rc != ARGON2_OK) {
- fprintf(stderr, "Failed: %s\n", argon2_error_message(rc));
+ fprintf(stderr, "argon2: failed: %s\n",
+ argon2_error_message(rc));
return 0;
}
