From a584cf5c37f3e17c4f6265b9bc2df7377b0e5bbe Mon Sep 17 00:00:00 2001 From: Vassiliy Yegorov Date: Fri, 3 Jul 2026 19:58:54 +0700 Subject: [PATCH] =?UTF-8?q?fix(auth):=20VerifyPassword=20=D0=B2=D0=B0?= =?UTF-8?q?=D0=BB=D0=B8=D0=B4=D0=B8=D1=80=D1=83=D0=B5=D1=82=20=D0=BF=D0=B0?= =?UTF-8?q?=D1=80=D0=B0=D0=BC=D0=B5=D1=82=D1=80=D1=8B/=D0=B2=D0=B5=D1=80?= =?UTF-8?q?=D1=81=D0=B8=D1=8E,=20=D0=BD=D0=B5=20=D0=BF=D0=B0=D0=BD=D0=B8?= =?UTF-8?q?=D0=BA=D1=83=D0=B5=D1=82=20=D0=BD=D0=B0=20=D0=B1=D0=B8=D1=82?= =?UTF-8?q?=D0=BE=D0=BC=20=D1=85=D1=8D=D1=88=D0=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/auth/password.go | 49 +++++++++++++++++++++++++--- internal/auth/password_test.go | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 103 insertions(+), 4 deletions(-) diff --git a/internal/auth/password.go b/internal/auth/password.go index e88b04b..6127e58 100644 --- a/internal/auth/password.go +++ b/internal/auth/password.go @@ -5,6 +5,8 @@ import ( "crypto/subtle" "encoding/base64" "fmt" + "regexp" + "strconv" "strings" "golang.org/x/crypto/argon2" @@ -16,8 +18,18 @@ const ( argonThreads = 4 argonKeyLen = 32 argonSaltLen = 16 + + // Upper bounds guard against a corrupted/attacker-controlled + // password_hash forcing an oversized argon2 computation (DoS). + argonMaxMemoryKiB = 1 << 21 // 2 GiB in KiB + argonMaxTime = 10 + argonMaxThreads = 16 ) +// paramsRe strictly matches the "m=,t=,p=" parameter segment, +// requiring the whole segment to be consumed (no trailing garbage). +var paramsRe = regexp.MustCompile(`^m=([0-9]+),t=([0-9]+),p=([0-9]+)$`) + func HashPassword(password string) (string, error) { salt := make([]byte, argonSaltLen) if _, err := rand.Read(salt); err != nil { @@ -34,11 +46,40 @@ func VerifyPassword(encoded, password string) (bool, error) { if len(parts) != 6 || parts[1] != "argon2id" { return false, fmt.Errorf("auth: bad hash format") } - var m, t uint32 - var p uint8 - if _, err := fmt.Sscanf(parts[3], "m=%d,t=%d,p=%d", &m, &t, &p); err != nil { - return false, err + if parts[2] != "v=19" { + return false, fmt.Errorf("auth: unsupported version") } + + matches := paramsRe.FindStringSubmatch(parts[3]) + if matches == nil { + return false, fmt.Errorf("auth: bad hash format") + } + m64, err := strconv.ParseUint(matches[1], 10, 32) + if err != nil { + return false, fmt.Errorf("auth: bad hash format") + } + t64, err := strconv.ParseUint(matches[2], 10, 32) + if err != nil { + return false, fmt.Errorf("auth: bad hash format") + } + p64, err := strconv.ParseUint(matches[3], 10, 8) + if err != nil { + return false, fmt.Errorf("auth: bad hash format") + } + m, t, p := uint32(m64), uint32(t64), uint8(p64) + + // argon2.IDKey panics if time<1 ("number of rounds too small") or + // threads<1 ("parallelism degree too low"). Reject before calling it. + // Minimum memory per argon2 spec is 8*parallelism (in KiB). + if t < 1 || p < 1 || m < 8*uint32(p) { + return false, fmt.Errorf("auth: bad hash params") + } + // Upper bounds guard against DoS via inflated parameters in a + // corrupted or attacker-controlled stored hash. + if m > argonMaxMemoryKiB || t > argonMaxTime || p > argonMaxThreads { + return false, fmt.Errorf("auth: bad hash params") + } + salt, err := base64.RawStdEncoding.DecodeString(parts[4]) if err != nil { return false, err diff --git a/internal/auth/password_test.go b/internal/auth/password_test.go index 61c151e..035e2d8 100644 --- a/internal/auth/password_test.go +++ b/internal/auth/password_test.go @@ -27,3 +27,61 @@ func TestHashNonDeterministic(t *testing.T) { t.Fatal("salt must randomize hash") } } + +func TestVerifyPasswordBadTimeDoesNotPanic(t *testing.T) { + defer func() { + if r := recover(); r != nil { + t.Fatalf("VerifyPassword panicked: %v", r) + } + }() + encoded := "$argon2id$v=19$m=65536,t=0,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA" + ok, err := VerifyPassword(encoded, "anything") + if err == nil { + t.Fatal("expected error for t=0, got nil") + } + if ok { + t.Fatal("expected ok=false for t=0") + } +} + +func TestVerifyPasswordBadThreadsDoesNotPanic(t *testing.T) { + defer func() { + if r := recover(); r != nil { + t.Fatalf("VerifyPassword panicked: %v", r) + } + }() + encoded := "$argon2id$v=19$m=65536,t=1,p=0$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA" + ok, err := VerifyPassword(encoded, "anything") + if err == nil { + t.Fatal("expected error for p=0, got nil") + } + if ok { + t.Fatal("expected ok=false for p=0") + } +} + +func TestVerifyPasswordUnsupportedVersion(t *testing.T) { + encoded := "$argon2id$v=18$m=65536,t=1,p=4$c29tZXNhbHRzb21lc2FsdA$c29tZWhhc2hzb21laGFzaA" + ok, err := VerifyPassword(encoded, "anything") + if err == nil { + t.Fatal("expected error for unsupported version, got nil") + } + if ok { + t.Fatal("expected ok=false for unsupported version") + } +} + +func TestVerifyPasswordGarbageFormatDoesNotPanic(t *testing.T) { + defer func() { + if r := recover(); r != nil { + t.Fatalf("VerifyPassword panicked: %v", r) + } + }() + ok, err := VerifyPassword("notahash", "anything") + if err == nil { + t.Fatal("expected error for garbage format, got nil") + } + if ok { + t.Fatal("expected ok=false for garbage format") + } +}