[ticket/11873] Do not hash very large passwords in order to save resources.

PHPBB3-11873
Joas Schilling 2013-09-27 01:18:28 +02:00 committed by Andreas Fischer
parent d18bded3ac
commit cba28c39ad


@ -502,6 +502,13 @@ function phpbb_hash($password)
*/ */
function phpbb_check_hash($password, $hash) function phpbb_check_hash($password, $hash)
{ {
if (strlen($password) > 4096)
{
// If the password is too huge, we will simply reject it
// and not let the server try to hash it.
return false;
}
$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; $itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
if (strlen($hash) == 34) if (strlen($hash) == 34)
{ {
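Review bot: The 4096-byte guard added at the top of phpbb_check_hash() covers verification only; phpbb_hash(), which the hunk header names but whose body is outside this hunk, is not shown receiving the same limit. If it has none, an oversized password can still be hashed when it is set, and would then fail every login with the same `false` as a wrong password. In that case the same check belongs in phpbb_hash() or in the validation that runs before it. The literal would also read better as a named constant, and the comment should state the unit, e.g. `// Limit is in bytes (strlen), not characters; multibyte passwords reach it sooner.` The body of phpbb_check_hash() continues past the end of the hunk.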