Add error handling for hashSplit array length < 5 (invalid PBKDF2 has…

…h format) Add error handling to catch error on determine iterations via strconv.Atoi
iegomez · Jan 25, 2020 · 216dd43 · 216dd43
1 parent dd60047
commit 216dd43
Showing 1 changed file with 14 additions and 4 deletions.
diff --git a/common/utils.go b/common/utils.go
@@ -133,24 +133,34 @@ func HashCompare(password string, passwordHash string, saltEncoding string) bool
  //log.Debugf("Supplied: ", passwordHash)
  // Split the hash string into its parts.
  hashSplit := strings.Split(passwordHash, "$")
+ // Check array is of expected length
+ if len(hashSplit) != 5 {
+ log.Errorf("HashCompare, invalid PBKDF2 hash supplied!")
+ return false
+ }
+ // Define empty error
+ var err error
  // Get the iterations from PBKDF2 string
- iterations, _ := strconv.Atoi(hashSplit[2])
+ iterations, err := strconv.Atoi(hashSplit[2])
+ if err != nil {
+ log.Errorf("Error getting number of iterations from PBKDF2 hash!")
+ return false
+ }
  // Convert salt to bytes, using encoding supplied in saltEncoding param
  salt := []byte{}
- var err error
  if saltEncoding == "utf-8" {
  salt = []byte(hashSplit[3])
  } else {
  salt, err = base64.StdEncoding.DecodeString(hashSplit[3])
  if err != nil {
- log.Errorf("Error decoding supplied base64 salt")
+ log.Errorf("Error decoding supplied base64 salt!")
  return false
  }
  }
  // Work out key length, assumes base64 encoding
  hash, err := base64.StdEncoding.DecodeString(hashSplit[4])
  if err != nil {
- log.Errorf("Error decoding supplied base64 hash")
+ log.Errorf("Error decoding supplied base64 hash!")
  return false
  }
  keylen := len(hash)