From bc6f494af8994425f9a7bd9444ede8e4cd2b6b40 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Mon, 11 Jul 2022 14:04:39 -0600 Subject: [PATCH] Correct input validation for 31 rounds Closes gh-11470 --- .../java/org/springframework/security/crypto/bcrypt/BCrypt.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java index 559bcbcf24..0f8d082fdf 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java +++ b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java @@ -543,7 +543,7 @@ public class BCrypt { } else { rounds = roundsForLogRounds(log_rounds); - if (rounds < 16 || rounds > Integer.MAX_VALUE) { + if (rounds < 16 || rounds > 2147483648L) { throw new IllegalArgumentException("Bad number of rounds"); } }