mirror of https://github.com/phpbb/phpbb.git synced 2025-01-19 07:08:09 +01:00

[feature/passwords] Do not hash passwords longer than 4096 bytes

PHPBB3-11610
Marc Alexander 2013-10-01 17:38:52 +02:00
parent 3ebff0a960
commit 61e4c0f251


@ -191,6 +191,13 @@ class manager
*/
public function hash_password($password, $type = '')
{
if (strlen($password) > 4096)
{
// If the password is too huge, we will simply reject it
// and not let the server try to hash it.
return false;
}
$type = ($type === '') ? $this->type : $type;
if (is_array($type))
@ -230,6 +237,13 @@ class manager
*/
public function check_hash($password, $hash)
{
if (strlen($password) > 4096)
{
// If the password is too huge, we will simply reject it
// and not let the server try to hash it.
return false;
}
// First find out what kind of hash we're dealing with
$stored_hash_type = $this->detect_algorithm($hash);
if ($stored_hash_type == false)
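Review bot: The early `return false;` added to hash_password() gives callers a new failure value to handle. A caller that writes the result straight into the user record would store an empty hash for an over-long password; those call sites are not visible on this page, so they should be checked. The docblock, which starts outside the hunk, should state this, e.g. `@return string|bool Password hash, or false if the password is longer than 4096 bytes`. The literal `4096` is repeated in the check_hash() guard; one class constant shared by both checks would keep them from drifting apart, with a comment that `strlen()` is meant to count bytes, as the commit title says. Both method bodies continue past their hunks.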