argon2: bail out if m < 8p (#22232)

Fixes #22231
author: Frank Denis <124872+jedisct1@users.noreply.github.com> 2024-12-14 20:26:55 +0100
committer: GitHub <noreply@github.com> 2024-12-14 19:26:55 +0000
commit: 0fac47cf28dfc669397a2bb1f661b13915a0ab4c (patch)
tree: 9a40f9332d878be860652d1d3d9bc82e36a2e070 /lib/std
parent: 70de2f3a763550cf408705a73cc66f79a45a6e68 (diff)
download: zig-0fac47cf28dfc669397a2bb1f661b13915a0ab4c.tar.gz
zig-0fac47cf28dfc669397a2bb1f661b13915a0ab4c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/std/crypto/argon2.zig b/lib/std/crypto/argon2.zig
index 74a96383d5..28782e414d 100644
--- a/lib/std/crypto/argon2.zig
+++ b/lib/std/crypto/argon2.zig
@@ -496,6 +496,7 @@ pub fn kdf(
     if (password.len > max_int) return KdfError.WeakParameters;
     if (salt.len < 8 or salt.len > max_int) return KdfError.WeakParameters;
     if (params.t < 1 or params.p < 1) return KdfError.WeakParameters;
+    if (params.m / 8 < params.p) return KdfError.WeakParameters;
 
     var h0 = initHash(password, salt, params, derived_key.len, mode);
     const memory = @max(
author	Frank Denis <124872+jedisct1@users.noreply.github.com>	2024-12-14 20:26:55 +0100
committer	GitHub <noreply@github.com>	2024-12-14 19:26:55 +0000
commit	0fac47cf28dfc669397a2bb1f661b13915a0ab4c (patch)
tree	9a40f9332d878be860652d1d3d9bc82e36a2e070 /lib/std
parent	70de2f3a763550cf408705a73cc66f79a45a6e68 (diff)
download	zig-0fac47cf28dfc669397a2bb1f661b13915a0ab4c.tar.gz zig-0fac47cf28dfc669397a2bb1f661b13915a0ab4c.zip