From 3518fbfb07af3a9f39872cb04aeb65b8a762c5d9 Mon Sep 17 00:00:00 2001 From: Martin Hauser Date: Wed, 10 Jun 2026 09:59:41 +0200 Subject: [PATCH 1/2] fix issue #23 avoid allocating memory before checking whether keylen is actually a sane value. --- ext/mri/bcrypt_pbkdf_ext.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ext/mri/bcrypt_pbkdf_ext.c b/ext/mri/bcrypt_pbkdf_ext.c index 2b06f3a..13f042c 100644 --- a/ext/mri/bcrypt_pbkdf_ext.c +++ b/ext/mri/bcrypt_pbkdf_ext.c @@ -8,6 +8,8 @@ static VALUE cBCryptPbkdfEngine; */ static VALUE bc_crypt_pbkdf(VALUE self, VALUE pass, VALUE salt, VALUE keylen, VALUE rounds) { size_t okeylen = NUM2ULONG(keylen); + if (okeylen == 0 || okeylen > 1024) + return Qnil; u_int8_t* okey = xmalloc(okeylen); VALUE out; From 2019421c8a971ee55bd5a16d9998e96a3264ef51 Mon Sep 17 00:00:00 2001 From: Martin Hauser Date: Wed, 10 Jun 2026 10:11:17 +0200 Subject: [PATCH 2/2] do not leak memory on error state within bcrypt_pbkdf_ext to fix #33. --- ext/mri/bcrypt_pbkdf_ext.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ext/mri/bcrypt_pbkdf_ext.c b/ext/mri/bcrypt_pbkdf_ext.c index 13f042c..e5cee8d 100644 --- a/ext/mri/bcrypt_pbkdf_ext.c +++ b/ext/mri/bcrypt_pbkdf_ext.c @@ -18,8 +18,10 @@ static VALUE bc_crypt_pbkdf(VALUE self, VALUE pass, VALUE salt, VALUE keylen, VA (const u_int8_t*)StringValuePtr(salt), RSTRING_LEN(salt), okey, okeylen, NUM2ULONG(rounds)); - if (ret < 0) + if (ret < 0) { + xfree(okey); return Qnil; + } out = rb_str_new((const char*)okey, okeylen); xfree(okey); return out;