nikgoodley-ibboost / jbcrypt

Automatically exported from code.google.com/p/jbcrypt

Integer overflow when log_rounds = 31 #1

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I expected BCrypt.hashpw(p, BCrypt.gensalt(31)) to take a really long time but 
instead it returns immediately. It's because int overflows on 2^31 and the key 
setup loop returns immediately.

Attached is a patch to address this.

PS: I know we're pretty far away from needing 2^31 rounds (on my machine, at 
least). I just happened upon this accidentally. Drive-by-patching, if you will.

Original issue reported on code.google.com by edw...@samson.ph on 22 Sep 2011 at 2:54


GoogleCodeExporter commented 9 years ago
Thank you! I will submit this to the author.

Original comment by javafue...@gmail.com on 31 Dec 2011 at 1:44

GoogleCodeExporter commented 9 years ago

Original comment by javafue...@gmail.com on 31 Dec 2011 at 1:58

GoogleCodeExporter commented 9 years ago

Original comment by javafue...@gmail.com on 31 Dec 2011 at 1:59

GoogleCodeExporter commented 9 years ago

Original comment by javafue...@gmail.com on 31 Dec 2011 at 2:00

GoogleCodeExporter commented 9 years ago

Original comment by javafue...@gmail.com on 31 Dec 2011 at 2:00

GoogleCodeExporter commented 9 years ago

Original comment by javafue...@gmail.com on 31 Dec 2011 at 2:02

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
With a slight refactoring on top of your patch, the shift can be tested to 
confirm that it's not overflowing:
https://github.com/josephw/jBCrypt/commit/09691293ff9854eb3c49ca6e92a59bb76e8886e5

Original comment by joe.walt...@gmail.com on 10 Jun 2012 at 12:43
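
The overflow reported in this issue, and a widened round count that can be checked, shown as an added Java example. It is not jBCrypt's code and not the attached patch; the class and method names are hypothetical, and the 4..31 bounds are an assumption taken from bcrypt's cost range.

```java
// Added illustration; class and method names are hypothetical, not jBCrypt's.
public class LogRoundsOverflow {

    // Iterations that "for (int i = 0; i < rounds; i++)" performs when
    // rounds is computed in 32-bit int arithmetic.
    static long iterationsWithIntRounds(int logRounds) {
        int rounds = 1 << logRounds;      // 1 << 31 wraps to Integer.MIN_VALUE
        long executed = 0;
        for (int i = 0; i < rounds; i++) {
            executed++;                   // stand-in for the expensive key setup
        }
        return executed;
    }

    // Widened computation: 1L forces a 64-bit shift, so 2^31 stays positive.
    // The 4..31 bounds are an assumption taken from bcrypt's cost range.
    static long roundsAsLong(int logRounds) {
        if (logRounds < 4 || logRounds > 31) {
            throw new IllegalArgumentException("log_rounds out of range: " + logRounds);
        }
        return 1L << logRounds;
    }

    public static void main(String[] args) {
        for (int logRounds : new int[] {4, 12, 31}) {
            int asInt = 1 << logRounds;
            long asLong = roundsAsLong(logRounds);
            System.out.printf("log_rounds=%d int=%d long=%d int-loop iterations=%d%n",
                    logRounds, asInt, asLong, iterationsWithIntRounds(logRounds));
            // Regression check: the widened value must be exactly 2^log_rounds.
            if (asLong <= 0 || Long.bitCount(asLong) != 1
                    || Long.numberOfTrailingZeros(asLong) != logRounds) {
                throw new AssertionError("round count overflowed for " + logRounds);
            }
        }
    }
}
```

The int loop is only exercised at small costs and at 31, where it exits at once; a loop counter compared against the widened value must itself be a `long`.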