Correct input validation for 31 rounds

jzheaux · jzheaux · commit 37d856dca464 · 2022-07-11T14:38:04.000-06:00
Closes gh-11470
diff --git a/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java b/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCrypt.java
@@ -543,7 +543,7 @@ private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean s
 		}
 		else {
 			rounds = roundsForLogRounds(log_rounds);
-			if (rounds < 16 || rounds > Integer.MAX_VALUE) {
+			if (rounds < 16 || rounds > 2147483648L) {
 				throw new IllegalArgumentException("Bad number of rounds");
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -543,7 +543,7 @@ private byte[] crypt_raw(byte password[], byte salt[], int log_rounds, boolean s`
`543`	`543`	`}`
`544`	`544`	`else {`
`545`	`545`	`rounds = roundsForLogRounds(log_rounds);`
`546`		`- if (rounds < 16 \|\| rounds > Integer.MAX_VALUE) {`
	`546`	`+ if (rounds < 16 \|\| rounds > 2147483648L) {`
`547`	`547`	`throw new IllegalArgumentException("Bad number of rounds");`
`548`	`548`	`}`
`549`	`549`	`}`