Branch: Tag:

2017-07-12

2017-07-12 14:15:23 by Henrik Grubbström (Grubba) <grubba@grubba.org>

Nettle.Hash: Check proper initialization in crypt_hash().

Fixes NULL-deref in Nettle.Hash()->crypt_hash().

Thanks to Thomas Gusenleitner <tomgusi@gmail.com> for the report.

Fixes [LysLysKOM 22137102]/[Pike mailinglist 14721].

277:    unsigned char *s;    int plen;    int slen; -  int dsz = meta->digest_size; +  int dsz;       int i;    int r;       int a, b, c;    -  +  if (!meta) +  Pike_error("HashInfo not properly initialized.\n"); +     if (!rounds) rounds = 5000;    if (rounds < 1000) rounds = 1000;    if (rounds > 999999999) rounds = 999999999;