#62732 Fix password validation in PasswordHasher`1: add check for upper bound for salt size before allocation an array

navferty · navferty · commit a6489b16b47e · 2025-07-17T14:14:15.000+04:00
diff --git a/src/Identity/Extensions.Core/src/PasswordHasher.cs b/src/Identity/Extensions.Core/src/PasswordHasher.cs
@@ -260,7 +260,7 @@ private static bool VerifyHashedPasswordV3(byte[] hashedPassword, string passwor
             int saltLength = (int)ReadNetworkByteOrder(hashedPassword, 9);
 
             // Read the salt: must be >= 128 bits
-            if (saltLength < 128 / 8)
+            if (saltLength < 128 / 8 || saltLength + 13 > hashedPassword.Length)
             {
                 return false;
             }

Original file line number	Diff line number	Diff line change
`@@ -260,7 +260,7 @@ private static bool VerifyHashedPasswordV3(byte[] hashedPassword, string passwor`
`260`	`260`	`int saltLength = (int)ReadNetworkByteOrder(hashedPassword, 9);`
`261`	`261`
`262`	`262`	`// Read the salt: must be >= 128 bits`
`263`		`- if (saltLength < 128 / 8)`
	`263`	`+ if (saltLength < 128 / 8 \|\| saltLength + 13 > hashedPassword.Length)`
`264`	`264`	`{`
`265`	`265`	`return false;`
`266`	`266`	`}`