authorMarc Alexander <admin@m-a-styles.de>2013-10-01 17:38:52 +0200
committerMarc Alexander <admin@m-a-styles.de>2013-10-01 17:38:52 +0200
commit61e4c0f25172231d203799e4c3c5920e665ab4fa (patch)
tree06994ed7413ead055604409cb8cc3319fdca23ac /phpBB
parent3ebff0a96042ba366e316727cbb83b063bc0700d (diff)
[feature/passwords] Do not hash passwords longer than 4096 bytes
PHPBB3-11610
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/phpbb/passwords/manager.php14
1 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 52644b05ac..b90775126c 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -191,6 +191,13 @@ class manager
*/
public function hash_password($password, $type = '')
{
+ if (strlen($password) > 4096)
+ {
+ // If the password is too huge, we will simply reject it
+ // and not let the server try to hash it.
+ return false;
+ }
+
$type = ($type === '') ? $this->type : $type;
if (is_array($type))
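Review bot: The early `return false;` added at the top of hash_password() hands callers a non-string result, so every caller has to test the return value with `=== false` before persisting it; otherwise an over-long password could end up stored as an empty or unusable hash. The docblock and the rest of the body lie outside this hunk, so it is not visible whether `false` is already a documented return value; if it is not, the docblock should mention it, e.g. `@return string|bool Password hash, or false if the password is longer than 4096 bytes`. The limit is also a bare literal here and again in the identical guard added to check_hash() in the next hunk; a single class constant, `const MAX_PASSWORD_LENGTH = 4096;`, compared as `strlen($password) > self::MAX_PASSWORD_LENGTH`, would keep the hashing and verification paths from drifting apart.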
@@ -230,6 +237,13 @@ class manager
*/
public function check_hash($password, $hash)
{
+ if (strlen($password) > 4096)
+ {
+ // If the password is too huge, we will simply reject it
+ // and not let the server try to hash it.
+ return false;
+ }
+
// First find out what kind of hash we're dealing with
$stored_hash_type = $this->detect_algorithm($hash);
if ($stored_hash_type == false)
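Review bot: The guard at the top of check_hash() returns false before the stored hash is examined, so an account whose existing password is longer than 4096 bytes can no longer authenticate, and the failure looks the same as a wrong password. If that is intended, the comment should say so, e.g. `// Passwords over 4096 bytes are never verified; affected accounts have to go through password reset.` Separately, strlen() counts bytes only when mbstring function overloading is off; where it is enabled the check would count characters and the effective cap would be larger than the commit title states, which may be worth noting next to the limit. The function body continues outside the hunk.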