
Commit 5faa274

KevHQtenderlove
authored andcommitted
Fix integer overflow in JRuby BCrypt rounds calculation
[CVE-2026-33306]
1 parent aafc033 commit 5faa274

1 file changed

Lines changed: 4 additions & 3 deletions


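--- a/ext/jruby/bcrypt_jruby/BCrypt.java
+++ b/ext/jruby/bcrypt_jruby/BCrypt.java
@@ -688,20 +688,21 @@ static long roundsForLogRounds(int log_rounds) {
 */
 private byte[] crypt_raw(byte password[], byte salt[], int log_rounds,
 boolean sign_ext_bug, int safety) {
-int rounds, i, j;
+long rounds;
+int i, j;
 int cdata[] = bf_crypt_ciphertext.clone();
 int clen = cdata.length;
 byte ret[];
 
 if (log_rounds < 4 || log_rounds > 31)
 throw new IllegalArgumentException ("Bad number of rounds");
-rounds = 1 << log_rounds;
+rounds = roundsForLogRounds(log_rounds);
 if (salt.length != BCRYPT_SALT_LEN)
 throw new IllegalArgumentException ("Bad salt length");
 
 init_key();
 ekskey(salt, password, sign_ext_bug, safety);
-for (i = 0; i < rounds; i++) {
+for (long r = 0; r < rounds; r++) {
 key(password, sign_ext_bug, safety);
 key(salt, false, safety);
 }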
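Review bot: Widening `rounds` to `long` only closes the overflow if `roundsForLogRounds` performs the shift in long arithmetic (`1L << log_rounds`) rather than widening an already-wrapped `int`; the hunk header shows it returns `long` but its body is outside this hunk, so that should be confirmed, and the `log_rounds < 4 || log_rounds > 31` check kept here should stay in sync with whatever that helper enforces. A why-comment on the assignment would keep the next maintainer from reverting to the shift: `// long: 1 << 31 wraps to a negative int, so log_rounds == 31 previously ran zero rounds`. The new loop index `r` is never read inside the body, and `i` from the retained `int i, j;` no longer drives this loop — if `i` is not used further down the method, that declaration should be dropped. crypt_raw begins before and ends after this hunk.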
