
Add extra salt length check for BCrypt

If the salt length is 28 characters and the
version is 2{a,x,y}, an IndexOutOfBoundsException
is thrown. This commit adds an extra check that
the salt length should be at least 29 characters long
if the version is not equal to "2".

Fixes: gh-6907
Léon van der Kaap 6 gadi atpakaļ
vecāks
revīzija
d2248d185b

+ 4 - 0
crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java

@@ -780,6 +780,10 @@ public class BCrypt {
 		// Extract number of rounds
 		if (salt.charAt(off + 2) > '$')
 			throw new IllegalArgumentException ("Missing salt rounds");
+
+		if (off == 4 && saltLength < 29) {
+			throw new IllegalArgumentException("Invalid salt");
+		}
 		rounds = Integer.parseInt(salt.substring(off, off + 2));
 
 		real_salt = salt.substring(off + 3, off + 25);
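Review bot: The new guard on the `+` lines hard-codes the pair `off == 4` / `29`, but the actual requirement is that the `salt.substring(off + 3, off + 25)` call two lines below needs `saltLength >= off + 25` for every version prefix, so the bound can be written directly and cover the "$2$" case (28) as well: `if (saltLength < off + 25) {` with the same `throw new IllegalArgumentException("Invalid salt");`. That removes the dependence on a separate length check for the two-character prefix, which I cannot see in this hunk and would have to exist above for the message's "28 characters" case to be safe. The check also runs after `salt.charAt(off + 2)` is already read, so presumably an earlier length check guarantees at least off + 3 characters; if not, the new guard should move above that read. The enclosing hashpw method starts and ends outside the hunk.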

+ 5 - 0
crypto/src/test/java/org/springframework/security/crypto/bcrypt/BCryptTests.java

@@ -338,6 +338,11 @@ public class BCryptTests {
 				"$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm");
 	}
 
+	@Test(expected = IllegalArgumentException.class)
+	public void hashpwFailsWhenSaltIsTooShort() {
+		BCrypt.hashpw("password", "$2a$10$123456789012345678901");
+	}
+
 	@Test
 	public void equalsOnStringsIsCorrect() {
 		assertThat(BCrypt.equalsNoEarlyReturn("", "")).isTrue();
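Review bot: hashpwFailsWhenSaltIsTooShort pins only the 2a prefix at the failing length (28 characters), so the boundary the fix introduces is not fully covered: a 29-character salt that must still be accepted, and the 2x/2y prefixes the commit message names, have no case. I would add a companion that hashes with a 29-character "$2a$10$" salt and asserts no exception, and one more expected-failure case such as `BCrypt.hashpw("password", "$2y$10$123456789012345678901");`. Since the existing tests here use assertThat, the failing cases could also be written with `assertThatIllegalArgumentException().isThrownBy(...)` so the message "Invalid salt" is asserted rather than only the exception type, but that is a matter of file style.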