Commit f1a468f1 authored by Olav Morken's avatar Olav Morken

authcrypt:Hash: Fix insecure regex.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2967 44740490-163a-0410-bde0-09ae8108e29a
parent a3a6e8d2
...@@ -81,7 +81,8 @@ class sspmod_authcrypt_Auth_Source_Hash extends sspmod_core_Auth_UserPassBase { ...@@ -81,7 +81,8 @@ class sspmod_authcrypt_Auth_Source_Hash extends sspmod_core_Auth_UserPassBase {
assert('is_string($password)'); assert('is_string($password)');
foreach($this->users as $userpass=>$attrs) { foreach($this->users as $userpass=>$attrs) {
if(preg_match("/^$username:(.*)$/", $userpass, $matches)) { $matches = explode(':', $userpass, 2);
if ($matches[0] === $username) {
if(SimpleSAML_Utils_Crypto::pwValid($matches[1], $password)) { if(SimpleSAML_Utils_Crypto::pwValid($matches[1], $password)) {
return $this->users[$userpass]; return $this->users[$userpass];
} else { } else {
......
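Review bot: The new lookup reads `$matches[1]` without checking that `explode(':', $userpass, 2)` actually produced two parts. For a `$this->users` key that contains no `:` and equals the submitted username, the comparison on `$matches[0]` passes and `pwValid()` is called with an undefined index instead of a stored hash. Unless the key format is already enforced where `$this->users` is populated (not visible in this hunk), I would guard it with `if (count($matches) === 2 && $matches[0] === $username) {`. A short comment such as `/* Split on the first ':' only; $username must never be interpolated into a pattern. */` would also record why the regex was dropped. The enclosing function starts and ends outside the hunk.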