From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Thu, 23 Oct 2025 17:50:43 +0000 (+0200)
Subject: lib-auth: auth-scram-client - Reduce maximum hash iterations in fuzzer to prevent... 
X-Git-Tag: 2.4.2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d68f86558e94a630edb5fda029c9564650bfd2a6;p=thirdparty%2Fdovecot%2Fcore.git

lib-auth: auth-scram-client - Reduce maximum hash iterations in fuzzer to prevent timeout

OSS-Fuzz report: 454444201
---

diff --git a/src/lib-auth/auth-scram-client.c b/src/lib-auth/auth-scram-client.c
index 6652b43f71..8ba4d03666 100644
--- a/src/lib-auth/auth-scram-client.c
+++ b/src/lib-auth/auth-scram-client.c
@@ -18,7 +18,11 @@
 /* c-nonce length */
 #define SCRAM_CLIENT_NONCE_LEN 64
 /* Max iteration count accepted by the client */
-#define SCRAM_MAX_ITERATE_COUNT (128 * 4096)
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#  define SCRAM_MAX_ITERATE_COUNT (128 * 4096)
+#else
+#  define SCRAM_MAX_ITERATE_COUNT (2 * 4096)
+#endif
 
 void auth_scram_client_init(struct auth_scram_client *client_r, pool_t pool,
 			    const struct auth_scram_client_settings *set)