From 462e568f0054ef75e1a80fc7e40cdff41cb0b545 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Mon, 22 Dec 2025 03:26:09 -0500
Subject: [PATCH] fix #2311 (#2312)
Validate bcrypt-cost config value to prevent silent errors
---
 irc/accounts.go | 4 ++--
 irc/config.go | 8 +++++++-
 irc/passwd/bcrypt.go | 1 +
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/irc/accounts.go b/irc/accounts.go
index fd55aeff..df59d230 100644
--- a/irc/accounts.go
+++ b/irc/accounts.go
@@ -2337,7 +2337,7 @@ func (ac *AccountCredentials) Serialize() (result string, err error) {
 return string(credText), nil
 }
-func (ac *AccountCredentials) SetPassphrase(passphrase string, bcryptCost uint) (err error) {
+func (ac *AccountCredentials) SetPassphrase(passphrase string, bcryptCost int) (err error) {
 if passphrase == "" {
 ac.PassphraseHash = nil
 ac.SCRAMCreds = SCRAMCreds{}
@@ -2348,7 +2348,7 @@ func (ac *AccountCredentials) SetPassphrase(passphrase string, bcryptCost uint)
 return errAccountBadPassphrase
 }
- ac.PassphraseHash, err = passwd.GenerateFromPassword([]byte(passphrase), int(bcryptCost))
+ ac.PassphraseHash, err = passwd.GenerateFromPassword([]byte(passphrase), bcryptCost)
 if err != nil {
 return errAccountBadPassphrase
 }
diff --git a/irc/config.go b/irc/config.go
index fd997512..91d8b6d7 100644
--- a/irc/config.go
+++ b/irc/config.go
@@ -375,7 +375,7 @@ type AccountRegistrationConfig struct {
 Mailto email.MailtoConfig
 } `yaml:"callbacks"`
 VerifyTimeout custime.Duration `yaml:"verify-timeout"`
- BcryptCost uint `yaml:"bcrypt-cost"`
+ BcryptCost int `yaml:"bcrypt-cost"`
 }
 type VHostConfig struct {
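Review bot: After the switch from uint to int at the SetPassphrase signature, the function still performs no range check on bcryptCost before passing it straight to passwd.GenerateFromPassword in the second hunk, so the new validation in LoadConfig is the only thing keeping a negative or oversized cost out of the hashing call, and that precondition is not stated anywhere on the function. A doc comment would make the contract explicit for other callers: `// SetPassphrase sets ac.PassphraseHash from passphrase. bcryptCost must lie within [passwd.MinCost, passwd.MaxCost]; LoadConfig validates the configured value, and callers must not pass an unchecked cost.` The body of SetPassphrase continues beyond the second hunk.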
@@ -1595,6 +1595,12 @@ func LoadConfig(filename string) (config *Config, err error) {
 if config.Accounts.Registration.BcryptCost == 0 {
 config.Accounts.Registration.BcryptCost = passwd.DefaultCost
 }
+ if config.Accounts.Registration.BcryptCost < passwd.MinCost || config.Accounts.Registration.BcryptCost > passwd.MaxCost {
+ return nil, fmt.Errorf( "invalid bcrypt-cost %d (require %d <= cost <= %d)", config.Accounts.Registration.BcryptCost, passwd.MinCost, passwd.MaxCost, )
+ }
 if config.Channels.MaxChannelsPerClient == 0 {
 config.Channels.MaxChannelsPerClient = 100
diff --git a/irc/passwd/bcrypt.go b/irc/passwd/bcrypt.go
index a7dfc1e4..2b0f8c82 100644
--- a/irc/passwd/bcrypt.go
+++ b/irc/passwd/bcrypt.go
@@ -11,6 +11,7 @@ import (
 const (
 MinCost = bcrypt.MinCost
+ MaxCost = bcrypt.MaxCost
 DefaultCost = 12 // ballpark: 250 msec on a modern Intel CPU
 )
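Review bot: The new range check in LoadConfig carries no comment explaining why an out-of-range cost must be rejected at load time instead of being left to the hashing call, which is the actual "silent error" the commit fixes. If passwd.GenerateFromPassword delegates to x/crypto's bcrypt, a cost below MinCost is silently replaced by that library's own default (10, weaker than the DefaultCost of 12 declared in bcrypt.go) and only a cost above MaxCost returns an error, so a mistyped value would otherwise weaken every newly stored hash with no signal. Suggest a comment above the check: `// x/crypto bcrypt silently substitutes its own default for a cost below MinCost; reject out-of-range values here so a misconfiguration cannot weaken hashing unnoticed.` Placing the check after the `== 0` defaulting is correct, since an omitted value still receives DefaultCost. LoadConfig continues outside this hunk.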