From 28e68fc82c74e50e67ebaeb7bd1caead7d1b48fc Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Thu, 24 Sep 2015 18:33:48 +0100
Subject: [PATCH] Add encrypted length guard.

---
 src/rspamadm/pw.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/rspamadm/pw.c b/src/rspamadm/pw.c
index c2a5ca690..df1ca2db7 100644
--- a/src/rspamadm/pw.c
+++ b/src/rspamadm/pw.c
@@ -178,6 +178,12 @@ rspamadm_pw_check (void)
 pbkdf = &pbkdf_list[0];
 g_assert (pbkdf != NULL);
 
+ if (encrypted_pwd->len < pbkdf->salt_len + pbkdf->key_len + 3) {
+ msg_err ("incorrect salt: password length: %d, must be at least %z characters",
+ encrypted_pwd->len, pbkdf->salt_len);
+ exit (EXIT_FAILURE);
+ }
+
 /* get salt */
 salt = rspamd_encrypted_password_get_str (encrypted_pwd->str, 3, &salt_len);
 /* get hash */
-- 
2.39.5
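Review bot: The error message reports `pbkdf->salt_len` as the required minimum, but the condition rejects anything shorter than `pbkdf->salt_len + pbkdf->key_len + 3`, so the operator is told a smaller threshold than the one enforced, and the "incorrect salt" wording hides that the whole encoded string is too short. Pass the tested expression to the logger, i.e. `encrypted_pwd->len, pbkdf->salt_len + pbkdf->key_len + 3);`, and reword the text to something like "incorrect encrypted password length". `encrypted_pwd->len` is printed with `%d`; if that field is size-typed (it looks like a GString length, to be confirmed), the specifier should match its width under the logger's format rules. The guard bounds only the total length, and whether the salt and hash fields parsed right after it are validated individually cannot be seen here, because rspamadm_pw_check starts and continues outside the hunk.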