From: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Date: Tue, 9 Nov 2021 17:06:51 +0000 (+0000)
Subject: make sure we catch 0 iterations in the $PBKDF2$... format, too
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebfbd3c56b0e508476be6361ac4b69d337f164fb;p=thirdparty%2Ffreeradius-server.git

make sure we catch 0 iterations in the $PBKDF2$... format, too
---

diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
index 5b0fd8a42a5..d6de7c02f2d 100644
--- a/src/modules/rlm_pap/rlm_pap.c
+++ b/src/modules/rlm_pap/rlm_pap.c
@@ -589,14 +589,14 @@ static inline CC_HINT(nonnull) unlang_action_t pap_auth_pbkdf2_parse(rlm_rcode_t
 
 		iterations = ntohl(iterations);
 
-		/*
-		 *	0 iterations is invalid (we need at least one)
-		 */
-		if (iterations == 0) iterations = 1;
-
 		p = q + 1;
 	}
 
+	/*
+	 *	0 iterations is invalid (we need at least one)
+	 */
+	if (iterations == 0) iterations = 1;
+
 	if (((end - p) < 1) || !(q = memchr(p, salt_sep, end - p))) {
 		REDEBUG("PBKDF2-Password missing salt component");
 		goto finish;