author | Marc Alexander <admin@m-a-styles.de> | 2013-10-01 17:38:52 +0200 |
---|---|---|
committer | Marc Alexander <admin@m-a-styles.de> | 2013-10-01 17:38:52 +0200 |
commit | 61e4c0f25172231d203799e4c3c5920e665ab4fa (patch) | |
tree | 06994ed7413ead055604409cb8cc3319fdca23ac /phpBB | |
parent | 3ebff0a96042ba366e316727cbb83b063bc0700d (diff) | |
[feature/passwords] Do not hash passwords longer than 4096 bytes
PHPBB3-11610
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/phpbb/passwords/manager.php | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/phpbb/passwords/manager.php b/phpBB/phpbb/passwords/manager.php
index 52644b05ac..b90775126c 100644
--- a/phpBB/phpbb/passwords/manager.php
+++ b/phpBB/phpbb/passwords/manager.php
@@ -191,6 +191,13 @@ class manager
 */
 public function hash_password($password, $type = '')
 {
+ if (strlen($password) > 4096)
+ {
+ // If the password is too huge, we will simply reject it
+ // and not let the server try to hash it.
+ return false;
+ }
+
 $type = ($type === '') ? $this->type : $type;
 
 if (is_array($type))
@@ -230,6 +237,13 @@ class manager
 */
 public function check_hash($password, $hash)
 {
+ if (strlen($password) > 4096)
+ {
+ // If the password is too huge, we will simply reject it
+ // and not let the server try to hash it.
+ return false;
+ }
+
 // First find out what kind of hash we're dealing with
 $stored_hash_type = $this->detect_algorithm($hash);
 if ($stored_hash_type == false) |
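Review bot: The new `return false;` at the top of hash_password() is a failure value that every caller has to check before storing the result, and nothing in the hunk documents it. The docblock that closes just above the hunk is not visible here, so it may need a line such as `@return string|bool Password hash, or false if $password is longer than 4096 bytes`. Callers are also outside this view; any that write the return value straight to the password column would store an empty value instead of rejecting the change. The literal `4096` and its comment are repeated verbatim in the check_hash() hunk, so a single class constant (for example `const MAX_PASSWORD_LENGTH = 4096;`) would keep the two limits from drifting apart. The body of hash_password() continues past the end of the hunk.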
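Review bot: In check_hash() an over-long password is now indistinguishable from a wrong one, so an account whose password was set above 4096 bytes before this change could no longer log in and would get no explanation. Whether such accounts can exist depends on form validation outside this hunk; if they can, the same limit should also be enforced where passwords are set, with a user-facing message. `strlen()` counts bytes, which matches the commit title, but not when mbstring function overloading is enabled, so a comment like `// Limit is in bytes; strlen() must not be overloaded by mbstring` would record the assumption. The body of check_hash() continues past the end of the hunk.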