zig

fork of https://codeberg.org/ziglang/zig
Log | Files | Refs | README | LICENSE
commit 0fac47cf28dfc669397a2bb1f661b13915a0ab4c (tree)
parent 70de2f3a763550cf408705a73cc66f79a45a6e68
Author: Frank Denis <124872+jedisct1@users.noreply.github.com>
Date:   Sat, 14 Dec 2024 20:26:55 +0100

argon2: bail out if m < 8p (#22232)

Fixes #22231
Diffstat:

Mlib/std/crypto/argon2.zig | 1+


1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/lib/std/crypto/argon2.zig b/lib/std/crypto/argon2.zig
@@ -496,6 +496,7 @@ pub fn kdf(
     if (password.len > max_int) return KdfError.WeakParameters;
     if (salt.len < 8 or salt.len > max_int) return KdfError.WeakParameters;
     if (params.t < 1 or params.p < 1) return KdfError.WeakParameters;
+    if (params.m / 8 < params.p) return KdfError.WeakParameters;
 
     var h0 = initHash(password, salt, params, derived_key.len, mode);
     const memory = @max(