Merge branch 'master' into issue15137

author: Bond-009 <bond.009@outlook.com> 2026-02-14 12:07:30 +0100
committer: GitHub <noreply@github.com> 2026-02-14 12:07:30 +0100
commit: 29582ed461b693368ec56567c2e40cfa20ef4bf5 (patch)
tree: 04721b833e8e6108c2e13c4f0ea9f4dc7b2ae946 /Emby.Server.Implementations/Cryptography
parent: ca6d499680f9fbb369844a11eb0e0213b66bb00b (diff)
parent: 3b6985986709473c69ba785460c702c6bbe3771d (diff)
1 files changed, 25 insertions, 2 deletions
diff --git a/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs b/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
index 5380c45d8..0381c4d35 100644
--- a/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
+++ b/Emby.Server.Implementations/Cryptography/CryptographyProvider.cs
@@ -39,22 +39,24 @@ namespace Emby.Server.Implementations.Cryptography
         {
             if (string.Equals(hash.Id, "PBKDF2", StringComparison.Ordinal))
             {
+                var iterations = GetIterationsParameter(hash);
                 return hash.Hash.SequenceEqual(
                     Rfc2898DeriveBytes.Pbkdf2(
                         password,
                         hash.Salt,
-                        int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
+                        iterations,
                         HashAlgorithmName.SHA1,
                         32));
             }
 
             if (string.Equals(hash.Id, "PBKDF2-SHA512", StringComparison.Ordinal))
             {
+                var iterations = GetIterationsParameter(hash);
                 return hash.Hash.SequenceEqual(
                     Rfc2898DeriveBytes.Pbkdf2(
                         password,
                         hash.Salt,
-                        int.Parse(hash.Parameters["iterations"], CultureInfo.InvariantCulture),
+                        iterations,
                         HashAlgorithmName.SHA512,
                         DefaultOutputLength));
             }
@@ -62,6 +64,27 @@ namespace Emby.Server.Implementations.Cryptography
             throw new NotSupportedException($"Can't verify hash with id: {hash.Id}");
         }
 
+        /// <summary>
+        /// Extracts and validates the iterations parameter from a password hash.
+        /// </summary>
+        /// <param name="hash">The password hash containing parameters.</param>
+        /// <returns>The number of iterations.</returns>
+        /// <exception cref="FormatException">Thrown when iterations parameter is missing or invalid.</exception>
+        private static int GetIterationsParameter(PasswordHash hash)
+        {
+            if (!hash.Parameters.TryGetValue("iterations", out var iterationsStr))
+            {
+                throw new FormatException($"Password hash with id '{hash.Id}' is missing required 'iterations' parameter.");
+            }
+
+            if (!int.TryParse(iterationsStr, CultureInfo.InvariantCulture, out var iterations))
+            {
+                throw new FormatException($"Password hash with id '{hash.Id}' has invalid 'iterations' parameter: '{iterationsStr}'.");
+            }
+
+            return iterations;
+        }
+
         /// <inheritdoc />
         public byte[] GenerateSalt()
             => GenerateSalt(DefaultSaltLength);
author	Bond-009 <bond.009@outlook.com>	2026-02-14 12:07:30 +0100
committer	GitHub <noreply@github.com>	2026-02-14 12:07:30 +0100
commit	29582ed461b693368ec56567c2e40cfa20ef4bf5 (patch)
tree	04721b833e8e6108c2e13c4f0ea9f4dc7b2ae946 /Emby.Server.Implementations/Cryptography
parent	ca6d499680f9fbb369844a11eb0e0213b66bb00b (diff)
parent	3b6985986709473c69ba785460c702c6bbe3771d (diff)