diff options
author | Mattias Andrée <maandree@kth.se> | 2022-02-16 22:53:34 +0100 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2022-02-16 22:53:43 +0100 |
commit | 407c937a1ce70bf12d53e4b3854eb0581610ab71 (patch) | |
tree | 2a53210d711dda9d975beb2e3e93fcd18d85fc42 /libar2_decode_params.c | |
parent | Make test code work with musl (diff) | |
download | libar2-407c937a1ce70bf12d53e4b3854eb0581610ab71.tar.gz libar2-407c937a1ce70bf12d53e4b3854eb0581610ab71.tar.bz2 libar2-407c937a1ce70bf12d53e4b3854eb0581610ab71.tar.xz |
Strict parameter order in parameter string (this is what is done in the reference implementation and is the desirable behaviour)
Signed-off-by: Mattias Andrée <maandree@kth.se>
Diffstat (limited to '')
-rw-r--r-- | libar2_decode_params.c | 61 |
1 files changed, 21 insertions, 40 deletions
diff --git a/libar2_decode_params.c b/libar2_decode_params.c index c42a937..1f7d270 100644 --- a/libar2_decode_params.c +++ b/libar2_decode_params.c @@ -31,8 +31,7 @@ size_t libar2_decode_params(const char *str, struct libar2_argon2_parameters *params, char **bufp, struct libar2_context *ctx) { const char *start = str; - uint_least32_t u32, *u32p; - int have_t = 0, have_m = 0, have_p = 0; + uint_least32_t u32; size_t n, q, r; *bufp = NULL; @@ -68,47 +67,29 @@ libar2_decode_params(const char *str, struct libar2_argon2_parameters *params, c params->version = 0; /* implicit LIBAR2_ARGON2_VERSION_10 */ } - while (*str && *str != '$') { - if (str[0] == 't' && str[1] == '=') { - if (have_t) - goto einval; - have_t = 1; - u32p = ¶ms->t_cost; - str += 2; - - } else if (str[0] == 'm' && str[1] == '=') { - if (have_m) - goto einval; - have_m = 1; - u32p = ¶ms->m_cost; - str += 2; - - } else if (str[0] == 'p' && str[1] == '=') { - if (have_p) - goto einval; - have_p = 1; - u32p = ¶ms->lanes; - str += 2; - - } else { - goto einval; - } + if (str[0] != 'm' || str[1] != '=') + goto einval; + str += 2; + n = decode_u32(str, ¶ms->m_cost); + if (!n) + goto fail; + str += n; - n = decode_u32(str, u32p); - if (!n) - goto fail; - str += n; - if (*str == '$') - break; - if (*str != ',') - goto einval; - str++; - if (*str == '$') - goto einval; - } + if (str[0] != ',' || str[1] != 't' || str[2] != '=') + goto einval; + str += 3; + n = decode_u32(str, ¶ms->t_cost); + if (!n) + goto fail; + str += n; - if (have_t + have_m + have_p != 3) + if (str[0] != ',' || str[1] != 'p' || str[2] != '=') goto einval; + str += 3; + n = decode_u32(str, ¶ms->lanes); + if (!n) + goto fail; + str += n; if (*str++ != '$') goto einval; |