mirror/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2026-01-20 22:35:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

argon2: bail out if m < 8p (#22232)

Browse Source 
Fixes #22231
This commit is contained in:
Frank Denis 2024-12-14 20:26:55 +01:00 committed by GitHub
parent 70de2f3a76
commit 0fac47cf28
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/std/crypto/argon2.zig
View File

@ -496,6 +496,7 @@ pub fn kdf(
if (password.len > max_int) return KdfError.WeakParameters;
if (salt.len < 8 or salt.len > max_int) return KdfError.WeakParameters;
if (params.t < 1 or params.p < 1) return KdfError.WeakParameters;
if (params.m / 8 < params.p) return KdfError.WeakParameters;
var h0 = initHash(password, salt, params, derived_key.len, mode);
const memory = @max(