further snprintf hardening

besser82 · Mar 8, 2024 · 1287699 · 1287699
1 parent 08b7df0
commit 1287699
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/lib/crypt-pbkdf1-sha1.c b/lib/crypt-pbkdf1-sha1.c
@@ -148,13 +148,15 @@ crypt_sha1crypt_rn (const char *phrase, size_t phr_size,
     }
 
   sl = (size_t)(sp - setting);
+  assert (sl <= CRYPT_SHA1_SALT_LENGTH);
 
   /*
    * Now get to work...
    * Prime the pump with <salt><magic><iterations>
    */
   dl = snprintf ((char *)output, out_size, "%.*s%s%lu",
                  (int)sl, setting, magic, iterations);
+  assert (dl > 0);
   /*
    * Then hmac using <phrase> as key, and repeat...
    */

diff --git a/lib/crypt-sha256.c b/lib/crypt-sha256.c
@@ -261,6 +261,7 @@ crypt_sha256crypt_rn (const char *phrase, size_t phr_size,
       int n = snprintf (cp,
                         SHA256_HASH_LENGTH - (sizeof (sha256_salt_prefix) - 1),
                         "%s%zu$", sha256_rounds_prefix, rounds);
+      assert (n > 0);
       cp += n;
     }
 

diff --git a/lib/crypt-sha512.c b/lib/crypt-sha512.c
@@ -265,6 +265,7 @@ crypt_sha512crypt_rn (const char *phrase, size_t phr_size,
       int n = snprintf (cp,
                         SHA512_HASH_LENGTH - (sizeof (sha512_salt_prefix) - 1),
                         "%s%zu$", sha512_rounds_prefix, rounds);
+      assert (n > 0);
       cp += n;
     }