Source-Changes-HG archive


[src/trunk]: src/lib/libcrypt crypt-argon2: improve resilience of the parser.



details:   https://anonhg.NetBSD.org/src/rev/dbe3f5250887
branches:  trunk
changeset: 989116:dbe3f5250887
user:      nia <nia%NetBSD.org@localhost>
date:      Tue Oct 12 09:40:38 2021 +0000

description:
crypt-argon2: improve resilience of the parser.

Allow the version number to be unspecified as in the argon2 upstream
test suite, properly defaulting to a version if the v= block is
entirely missing, and treating the remaining block as parameters.

Fix a null pointer dereference when the encoded password is unspecified
in the settings string.

diffstat:

 lib/libcrypt/crypt-argon2.c |  32 +++++++++++++++++++++-----------
 1 files changed, 21 insertions(+), 11 deletions(-)

diffs (69 lines):

diff -r 22844100685c -r dbe3f5250887 lib/libcrypt/crypt-argon2.c
--- a/lib/libcrypt/crypt-argon2.c       Tue Oct 12 08:36:28 2021 +0000
+++ b/lib/libcrypt/crypt-argon2.c       Tue Oct 12 09:40:38 2021 +0000
@@ -95,15 +95,24 @@
 
        a = strsep(&inp, "$");
 
-       if ((getnum(a, &tmp))<0) { /* on error, default to current */
-                               /* should start thinking about aborting */
-               ctx->version = ARGON2_VERSION_NUMBER;
+       /* parse the version number of the hash, if it's there */
+       if (strncmp(a, "v=", 2) == 0) {
+               a += 2;
+               if ((getnum(a, &tmp))<0) { /* on error, default to current */
+                       /* should start thinking about aborting */
+                       ctx->version = ARGON2_VERSION_NUMBER;
+               } else {
+                       ctx->version = tmp;
+               }
+               a = strsep(&inp, "$");
        } else {
-               ctx->version = tmp;
+               /*
+                * This is a parameter list, not a version number, use the
+                * default version.
+                */
+               ctx->version = ARGON2_VERSION_NUMBER;
        }
 
-       a = strsep(&inp, "$");
-
        /* parse labelled argon2 params */
        /* m_cost (m)
         * t_cost (t)
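Review bot: The `a` returned by the strsep at the top of the hunk is still handed unchecked to the new `if (strncmp(a, "v=", 2) == 0)` test; strsep yields NULL once `inp` has been consumed, so a settings string that ends right after the preceding field would dereference NULL on the strncmp, the same class of bug the commit fixes for the password field in the next hunk. A guard such as `if (a == NULL) return -1;` placed before the strncmp would keep the negative-return error convention the caller checks later in this diff, assuming this is decode_option's body (the enclosing function starts before the hunk and continues after it). The second `a = strsep(&inp, "$");` inside the v= branch has the same issue, since its result feeds the labelled-parameter parser below the hunk.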
@@ -143,12 +152,12 @@
 
        a = strsep(&inp, "$");
 
-       snprintf((char *)ctx->salt,ctx->saltlen, "%s", a);
+       snprintf((char *)ctx->salt, ctx->saltlen, "%s", a);
 
        a = strsep(&inp, "$");
 
-       if (*a) {
-               snprintf((char *)ctx->pwd,ctx->pwdlen, "%s", a);
+       if (a) {
+               snprintf((char *)ctx->pwd, ctx->pwdlen, "%s", a);
        } else {
                /* don't care if passwd hash is missing */
                /* if missing, most likely coming from */
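Review bot: The salt copy `snprintf((char *)ctx->salt, ctx->saltlen, "%s", a);` is still reached with an unchecked `a`, while the password copy a few lines later now tests `if (a)`; passing NULL to `%s` is undefined behavior, so a settings string with no salt field would still crash. Adding the same guard before the salt copy, `if (a == NULL) return -1;`, would make the two fields consistent. Note also that the old test `if (*a)` skipped an empty password field, whereas the new `if (a)` copies an empty string into ctx->pwd; if that distinction mattered, `if (a != NULL && *a != '\0')` preserves both behaviors. The enclosing function continues outside the hunk.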
@@ -212,7 +221,7 @@
        rc = decode_option(&ctx, &atype, salt);
 
        if (rc < 0) {
-       /* unable to parse input params */
+               /* unable to parse input params */
                return 0;
        }
 
@@ -221,7 +230,8 @@
                ebuf, sizeof(ebuf), encodebuf, sizeof(encodebuf), atype, ctx.version);
 
        if (rc != ARGON2_OK) {
-               fprintf(stderr, "Failed: %s\n", argon2_error_message(rc));
+               fprintf(stderr, "argon2: failed: %s\n",
+                   argon2_error_message(rc));
                return 0;
        }
 
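Review bot: The reworded `fprintf(stderr, "argon2: failed: %s\n", ...)` keeps a library routine in libcrypt writing directly to stderr, which the calling program cannot suppress or redirect and which may be closed or repurposed in daemons that call crypt(3). The failure is already signalled to the caller by the `return 0` that follows, so a comment such as `/* XXX diagnostic to stderr from library code; consider dropping */` or removing the fprintf would be cleaner. The enclosing function starts before this hunk.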


