From 3518fbfb07af3a9f39872cb04aeb65b8a762c5d9 Mon Sep 17 00:00:00 2001
From: Martin Hauser <martin_hauser@genua.de>
Date: Wed, 10 Jun 2026 09:59:41 +0200
Subject: [PATCH] fix issue #23

avoid allocating memory before checking whether keylen is actually
a sane value.
---
 ext/mri/bcrypt_pbkdf_ext.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ext/mri/bcrypt_pbkdf_ext.c b/ext/mri/bcrypt_pbkdf_ext.c
index 2b06f3a..13f042c 100644
--- a/ext/mri/bcrypt_pbkdf_ext.c
+++ b/ext/mri/bcrypt_pbkdf_ext.c
@@ -8,6 +8,8 @@ static VALUE cBCryptPbkdfEngine;
 */
 static VALUE bc_crypt_pbkdf(VALUE self, VALUE pass, VALUE salt, VALUE keylen, VALUE rounds) {
   size_t okeylen = NUM2ULONG(keylen);
+  if (okeylen == 0 || okeylen > 1024)
+    return Qnil;
   u_int8_t* okey = xmalloc(okeylen);
   VALUE out;