
Commit fff3131

authored
#62732 Fix password validation in PasswordHasher`1: add bound check for salt size before array allocation (#62734)
1 parent e14a8ff commit fff3131


2 files changed

+4
-2
lines changed


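--- a/src/Identity/Extensions.Core/src/PasswordHasher.cs
+++ b/src/Identity/Extensions.Core/src/PasswordHasher.cs
@@ -264,8 +264,7 @@ private static bool VerifyHashedPasswordV3(byte[] hashedPassword, string passwor
 {
 return false;
 }
-byte[] salt = new byte[saltLength];
-Buffer.BlockCopy(hashedPassword, 13, salt, 0, salt.Length);
+byte[] salt = hashedPassword.AsSpan(13, saltLength).ToArray();
 
 // Read the subkey (the rest of the payload): must be >= 128 bits
 int subkeyLength = hashedPassword.Length - 13 - salt.Length;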

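--- a/src/Identity/test/Identity.Test/PasswordHasherTest.cs
+++ b/src/Identity/test/Identity.Test/PasswordHasherTest.cs
@@ -112,6 +112,9 @@ public void HashPassword_Version3()
 [InlineData("AQAAAAAAAAD6AAAAEAhftMyfTJyAAAAAAAAAAAAAAAAAAAih5WsjXaR3PA9M")] // incorrect password
 [InlineData("AQAAAAIAAAAyAAAAEOMwvh3+FZxqkdMBz2ekgGhwQ4A=")] // too short
 [InlineData("AQAAAAIAAAAyAAAAEOMwvh3+FZxqkdMBz2ekgGhwQ4B6pZWND6zgESBuWiHwAAAAAAAAAAAA")] // extra data at end
+[InlineData("AQAAAAIAAYagAP///wABAgMEBQYHCAkKCwwNDg/Q8A0WMKbtHQJQ2DHCdoEeeFBrgNlldq6vH4qX/CGqGQ==")] // salt length greater than data length
+[InlineData("AQAAAAEAACcQf////4r8+J3NDEnMWKlHbhJQ6N5oooZ7hUi3cr/qAjd7Lc1Sv6GhorP7Ly0AzCv9PAmKww==")] // salt length is Int32.MaxValue
+[InlineData("AQAAAAIAAYagAAAACAABAgMEBQYH4qLSh7iNSI12qySxAkyR0XgpXpvNiwqhBJFNLbJKKFw=")] // salt length (8 bytes) less than minimum allowed
 public void VerifyHashedPassword_FailureCases(string hashedPassword)
 {
 // Arrange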
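Review bot: The three new cases pin only an out-of-range salt length and a below-minimum one; none covers the boundary where the salt length exactly equals the remaining payload, which leaves no subkey and must still be rejected by the subkey-length check rather than by the span bound. Adding an InlineData for that boundary (a constructed payload whose header salt length equals the byte count after the 13-byte header) with the comment `// salt consumes entire payload, leaving no subkey` would keep the two rejections distinguishable if either check is changed later. If the salt length field is read as an unsigned value and cast to int, a header value of 0xFFFFFFFF would exercise the negative path as well — confirm against the header reader before adding it. The body of VerifyHashedPassword_FailureCases continues outside the hunk.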
