You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by ni...@apache.org on 2016/12/06 22:30:55 UTC
svn commit: r1772979 - in /apr/apr-util/branches/1.6.x: CHANGES
crypto/crypt_blowfish.c
Author: niq
Date: Tue Dec 6 22:30:55 2016
New Revision: 1772979
URL: http://svn.apache.org/viewvc?rev=1772979&view=rev
Log:
apr_crypto: avoid excessive iteration in bcrypt hash. [Hanno B�ck]
Modified:
apr/apr-util/branches/1.6.x/CHANGES
apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c
Modified: apr/apr-util/branches/1.6.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/CHANGES?rev=1772979&r1=1772978&r2=1772979&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.6.x/CHANGES [utf-8] Tue Dec 6 22:30:55 2016
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with APR-util 1.6.0
+ *) apr_crypto: avoid excessive iteration in bcrypt hash.
+ [Hanno B�ck <hanno hboeck.de>]
+
*) apr_siphash: Implement keyed hash function SipHash. [Yann Ylavic]
*) apr_crypto: Add apr_crypto_key() function which supports keys
Modified: apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c?rev=1772979&r1=1772978&r2=1772979&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c (original)
+++ apr/apr-util/branches/1.6.x/crypto/crypt_blowfish.c Tue Dec 6 22:30:55 2016
@@ -877,7 +877,7 @@ char *_crypt_gensalt_blowfish_rn(const c
const char *input, int size, char *output, int output_size)
{
if (size < 16 || output_size < 7 + 22 + 1 ||
- (count && (count < 4 || count > 31)) ||
+ (count && (count < 4 || count > 17)) ||
prefix[0] != '$' || prefix[1] != '2' ||
(prefix[2] != 'a' && prefix[2] != 'y')) {
if (output_size > 0) output[0] = '\0';