Add encrypted length guard.
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 24 Sep 2015 17:33:48 +0000 (18:33 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Thu, 24 Sep 2015 17:33:48 +0000 (18:33 +0100)
src/rspamadm/pw.c

index c2a5ca690a673fc4c6ace28daa4e0c21c3b91885..df1ca2db70710921d3c44a79429eb24fdd541522 100644 (file)
@@ -178,6 +178,12 @@ rspamadm_pw_check (void)
        pbkdf = &pbkdf_list[0];
        g_assert (pbkdf != NULL);
 
+       if (encrypted_pwd->len < pbkdf->salt_len + pbkdf->key_len + 3) {
+               msg_err ("incorrect salt: password length: %d, must be at least %z characters",
+                               encrypted_pwd->len, pbkdf->salt_len);
+               exit (EXIT_FAILURE);
+       }
+
        /* get salt */
        salt = rspamd_encrypted_password_get_str (encrypted_pwd->str, 3, &salt_len);
        /* get hash */
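Review bot: The error message in the added guard does not match the condition it reports: the check requires `pbkdf->salt_len + pbkdf->key_len + 3` characters, but the message prints only `pbkdf->salt_len` as the minimum and labels the failure "incorrect salt". It also formats `encrypted_pwd->len` with `%d` while the other length uses `%z`; if `len` is a size-typed field (its declaration is outside the hunk), the specifier should match the type. Something like `msg_err ("encrypted password is too short: %z characters, must be at least %z", encrypted_pwd->len, pbkdf->salt_len + pbkdf->key_len + 3);` would report the bound that is actually enforced. The guard is only a lower bound on the total length, so rspamd_encrypted_password_get_str presumably still has to bound its own scan from offset 3; that helper and the rest of rspamadm_pw_check are outside the hunk.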