mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 22:10:45 +02:00
Code Issues Releases Wiki Activity

[ticket/11873] Do not hash very large passwords in order to safe resources.

Browse Source 
PHPBB3-11873
This commit is contained in:
Joas Schilling
2013-09-27 01:18:28 +02:00
committed by Andreas Fischer
parent d18bded3ac
commit cba28c39ad
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
phpBB/includes/functions.php
View File

@@ -502,6 +502,13 @@ function phpbb_hash($password)
*/ */
function phpbb_check_hash($password, $hash) function phpbb_check_hash($password, $hash)
{ {
if (strlen($password) > 4096)
{
// If the password is too huge, we will simply reject it
// and not let the server try to hash it.
return false;
}
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (strlen($hash) == 34) if (strlen($hash) == 34)
{ {