Prevent integer wrap-around with 31 rounds, fixes #24, fixes #25

dcodeIO · dcodeIO · commit dd6eaf724afc · 2015-08-02T23:15:35.000+02:00
diff --git a/bower.json b/bower.json
@@ -1,7 +1,7 @@
 {
     "name": "bcryptjs",
     "description": "Optimized bcrypt in plain JavaScript with zero dependencies.",
-    "version": "2.2.0",
+    "version": "2.2.1",
     "main": "dist/bcrypt-isaac.js",
     "license": "New-BSD",
     "homepage": "http://dcode.io/",
diff --git a/dist/bcrypt.js b/dist/bcrypt.js
@@ -1019,7 +1019,7 @@
             } else
                 throw err;
         }
-        rounds = 1 << rounds;
+        rounds = (1 << rounds) >>> 0;
         var P = P_ORIG.slice(),
             S = S_ORIG.slice(),
             i = 0, j;
diff --git a/dist/bcrypt.min.js b/dist/bcrypt.min.js
diff --git a/dist/bcrypt.min.map b/dist/bcrypt.min.map
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
     "name": "bcryptjs",
     "description": "Optimized bcrypt in plain JavaScript with zero dependencies. Compatible to 'bcrypt'.",
-    "version": "2.2.0",
+    "version": "2.2.1",
     "author": "Daniel Wirtz <dcode@dcode.io>",
     "contributors": [
         "Shane Girish <shaneGirish@gmail.com> (https://github.com/shaneGirish)",
diff --git a/src/bcrypt/impl.js b/src/bcrypt/impl.js
@@ -406,7 +406,7 @@ function _crypt(b, salt, rounds, callback, progressCallback) {
         } else
             throw err;
     }
-    rounds = 1 << rounds;
+    rounds = (1 << rounds) >>> 0;
     var P = P_ORIG.slice(),
         S = S_ORIG.slice(),
         i = 0, j;

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "bcryptjs",`
`3`	`3`	`"description": "Optimized bcrypt in plain JavaScript with zero dependencies.",`
`4`		`- "version": "2.2.0",`
	`4`	`+ "version": "2.2.1",`
`5`	`5`	`"main": "dist/bcrypt-isaac.js",`
`6`	`6`	`"license": "New-BSD",`
`7`	`7`	`"homepage": "http://dcode.io/",`
Original file line number	Diff line number	Diff line change
`@@ -406,7 +406,7 @@ function _crypt(b, salt, rounds, callback, progressCallback) {`
`406`	`406`	`} else`
`407`	`407`	`throw err;`
`408`	`408`	`}`
`409`		`- rounds = 1 << rounds;`
	`409`	`+ rounds = (1 << rounds) >>> 0;`
`410`	`410`	`var P = P_ORIG.slice(),`
`411`	`411`	`S = S_ORIG.slice(),`
`412`	`412`	`i = 0, j;`