From f1a468f17dcd4e9844e47d7916d920f7b5d4b163 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 31 Oct 2011 09:53:05 +0000
Subject: [PATCH] authcrypt:Hash: Fix insecure regex.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2967 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/authcrypt/lib/Auth/Source/Hash.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/authcrypt/lib/Auth/Source/Hash.php b/modules/authcrypt/lib/Auth/Source/Hash.php
index a4e2c24b7..ef7cd02d3 100644
--- a/modules/authcrypt/lib/Auth/Source/Hash.php
+++ b/modules/authcrypt/lib/Auth/Source/Hash.php
@@ -81,7 +81,8 @@ class sspmod_authcrypt_Auth_Source_Hash extends sspmod_core_Auth_UserPassBase {
 		assert('is_string($password)');
 
 		foreach($this->users as $userpass=>$attrs) {
-			if(preg_match("/^$username:(.*)$/", $userpass, $matches)) {
+			$matches = explode(':', $userpass, 2);
+			if ($matches[0] === $username) {
 				if(SimpleSAML_Utils_Crypto::pwValid($matches[1], $password)) {
 					return $this->users[$userpass];
 				} else {
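Review bot: `$matches[1]` on the `pwValid` line is read without checking that `explode(':', $userpass, 2)` actually returned two elements. A configured key with no colon that equals the submitted username would reach `SimpleSAML_Utils_Crypto::pwValid()` with an undefined offset (a notice and a null hash) instead of being skipped. Unless the constructor, which is outside this hunk, already rejects such keys, the guard should read `if (count($matches) === 2 && $matches[0] === $username) {`. A comment above the `explode` such as `// Split "username:hash" literally; never build a regex from $username.` would also record why the regex was dropped. The `foreach` body continues past the end of the hunk.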
-- 
GitLab