Commit 0fac47cf28

Frank Denis <124872+jedisct1@users.noreply.github.com>
2024-12-14 20:26:55
argon2: bail out if m < 8p (#22232)
Fixes #22231
master
1 parent 70de2f3
Changed files (1)
lib
std
crypto
argon2.zig
lib/std/crypto/argon2.zig
@@ -496,6 +496,7 @@ pub fn kdf(
     if (password.len > max_int) return KdfError.WeakParameters;
     if (salt.len < 8 or salt.len > max_int) return KdfError.WeakParameters;
     if (params.t < 1 or params.p < 1) return KdfError.WeakParameters;
+    if (params.m / 8 < params.p) return KdfError.WeakParameters;
 
     var h0 = initHash(password, salt, params, derived_key.len, mode);
     const memory = @max(