modules/crypto/pbkdf2v2: reduce size of sscanf(3) buffers

0x2000 (8 KiB) is definitely sufficient to mitigate any potential
inadvertant overflow, and an attacker with a crafted malicious
database would have been able to overflow the old 0x8000 (32 KiB)
buffers anyway.

diff --git a/modules/crypto/pbkdf2v2.c b/modules/crypto/pbkdf2v2.c
index f816038faea52e456578c3772ffa9e0b9692b586..914241ae9ff5ceff378403fc85475656365f0406 100644 (file)
--- a/modules/crypto/pbkdf2v2.c
+++ b/modules/crypto/pbkdf2v2.c
@@ -61,7 +61,7 @@ struct pbkdf2v2_parameters
 {
        const EVP_MD    *md;
        unsigned char    cdg[EVP_MAX_MD_SIZE];
-       char             salt[0x8000];
+       char             salt[0x2000];
        size_t           dl;
        size_t           sl;
        unsigned int     a;
@@ -178,7 +178,7 @@ pbkdf2v2_upgrade(const char *const restrict parameters)
 {
        unsigned int prf;
        unsigned int iter;
-       char salt[0x8000];
+       char salt[0x2000];
 
        (void) memset(salt, 0x00, sizeof salt);