
Commit 1a81858

techheadrecrsn
authored andcommittedJun 1, 2020
Pass key_len to bcrypt(). Fix for issues #774, #776
1 parent 96c41e2 commit 1a81858

3 files changed

+8
-10
lines changed


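--- a/src/bcrypt.cc
+++ b/src/bcrypt.cc
@@ -146,12 +146,11 @@ bcrypt_gensalt(char minor, u_int8_t log_rounds, u_int8_t *seed, char *gsalt)
 i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
 
 void
-bcrypt(const char *key, const char *salt, char *encrypted)
+bcrypt(const char *key, size_t key_len, const char *salt, char *encrypted)
 {
 blf_ctx state;
 u_int32_t rounds, i, k;
 u_int16_t j;
-size_t key_len;
 u_int8_t salt_len, logr, minor;
 u_int8_t ciphertext[4 * BCRYPT_BLOCKS+1] = "OrpheanBeholderScryDoubt";
 u_int8_t csalt[BCRYPT_MAXSALT];
@@ -215,14 +214,13 @@ bcrypt(const char *key, const char *salt, char *encrypted)
 decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
 salt_len = BCRYPT_MAXSALT;
 if (minor <= 'a')
-key_len = (u_int8_t)(strlen(key) + (minor >= 'a' ? 1 : 0));
+key_len = (u_int8_t)(key_len + (minor >= 'a' ? 1 : 0));
 else
 {
-/* strlen() returns a size_t, but the function calls
+/* size_t, but the function calls
 * below result in implicit casts to a narrower integer
 * type, so cap key_len at the actual maximum supported
 * length here to avoid integer wraparound */
-key_len = strlen(key);
 if (key_len > 72)
 key_len = 72;
 key_len++; /* include the NUL */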
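Review bot: The new `key_len` parameter has an unstated contract in the second hunk: `key_len++; /* include the NUL */` still counts a terminator, so `key` must have a readable NUL at `key[key_len]`, which holds for `std::string::c_str()` callers but not for an arbitrary length-delimited buffer. Please state that above the definition, e.g. `/* key points to key_len bytes followed by a NUL; key_len excludes the NUL */`. The trimmed comment now starts mid-sentence (`/* size_t, but the function calls`); `/* key_len is a size_t, but the function calls` reads correctly. In the `minor <= 'a'` branch the `(u_int8_t)` cast is now applied to a caller-supplied length, so lengths above 255 still wrap there; that looks like deliberate legacy behaviour, and a one-line comment saying so would keep it from being changed by accident. The body of bcrypt() continues outside both hunks, so how the key bytes are consumed is not visible here.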

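--- a/src/bcrypt_node.cc
+++ b/src/bcrypt_node.cc
@@ -148,7 +148,7 @@ namespace {
 SetError("Invalid salt. Salt must be in the form of: $Vers$log2(NumRounds)$saltvalue");
 }
 char bcrypted[_PASSWORD_LEN];
-bcrypt(input.c_str(), salt.c_str(), bcrypted);
+bcrypt(input.c_str(), input.length(), salt.c_str(), bcrypted);
 output = std::string(bcrypted);
 }
 
@@ -185,7 +185,7 @@ namespace {
 throw Napi::Error::New(env, "Invalid salt. Salt must be in the form of: $Vers$log2(NumRounds)$saltvalue");
 }
 char bcrypted[_PASSWORD_LEN];
-bcrypt(data.c_str(), salt.c_str(), bcrypted);
+bcrypt(data.c_str(), data.length(), salt.c_str(), bcrypted);
 return Napi::String::New(env, bcrypted, strlen(bcrypted));
 }
 
@@ -206,7 +206,7 @@ namespace {
 void Execute() {
 char bcrypted[_PASSWORD_LEN];
 if (ValidateSalt(encrypted.c_str())) {
-bcrypt(input.c_str(), encrypted.c_str(), bcrypted);
+bcrypt(input.c_str(), input.length(), encrypted.c_str(), bcrypted);
 result = CompareStrings(bcrypted, encrypted.c_str());
 }
 }
@@ -243,7 +243,7 @@ namespace {
 std::string hash = info[1].As<Napi::String>();
 char bcrypted[_PASSWORD_LEN];
 if (ValidateSalt(hash.c_str())) {
-bcrypt(pw.c_str(), hash.c_str(), bcrypted);
+bcrypt(pw.c_str(), pw.length(), hash.c_str(), bcrypted);
 return Napi::Boolean::New(env, CompareStrings(bcrypted, hash.c_str()));
 } else {
 return Napi::Boolean::New(env, false);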
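Review bot: All four call sites now hash `length()` bytes instead of stopping at the first NUL, so a password containing an embedded NUL yields a different hash than it did before this commit, and in the two compare paths (`Execute()` and the synchronous compare in the last hunk) a hash stored by an older version would presumably stop matching. That behaviour change is the fix, but it should be called out in the changelog and pinned by a regression test: two passwords that differ only after a NUL byte must not compare equal against the same hash. This assumes the `std::string` built from the JavaScript value keeps embedded NULs, which is not visible in these hunks. Separately, `bcrypted` is an uninitialised stack buffer that is read straight after the call (`std::string(bcrypted)`, `strlen(bcrypted)`), so it relies on bcrypt() always writing a terminated string; `char bcrypted[_PASSWORD_LEN] = {0};` would make that independent of the callee.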

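--- a/src/node_blf.h
+++ b/src/node_blf.h
@@ -125,7 +125,7 @@ u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
 
 /* bcrypt functions*/
 void bcrypt_gensalt(char, u_int8_t, u_int8_t*, char *);
-void bcrypt(const char *, const char *, char *);
+void bcrypt(const char *, size_t key_len, const char *, char *);
 void encode_salt(char *, u_int8_t *, char, u_int16_t, u_int8_t);
 u_int32_t bcrypt_get_rounds(const char *);
 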