- Improve generated crypt() passwords (#1488136)

git-svn-id: https://svn.roundcube.net/trunk@5367 208e9e7b-5314-0410-a742-e7e81cd9613c
author: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-10-26 11:53:23 +0000
committer: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-10-26 11:53:23 +0000
commit: 53a224f6c7990a2b24000f597216abed6f67126b (patch)
tree: 8feaf6bb16febcfb6aa6ccdc273d5576f37faa43 /plugins/password/drivers/sql.php
parent: 16f639a499f7af6a363bbdf09bb282b095332e75 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 836a58a44..ad8ac5f6b 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -37,16 +37,21 @@ function password_save($curpass, $passwd)
     // crypted password
     if (strpos($sql, '%c') !== FALSE) {
         $salt = '';
-        if (CRYPT_MD5) { 
-    	    $len = rand(3, CRYPT_SALT_LENGTH);
+        if (CRYPT_MD5) {
+            // Always use eight salt characters for MD5 (#1488136)
+    	    $len = 8;
         } else if (CRYPT_STD_DES) {
     	    $len = 2;
         } else {
     	    return PASSWORD_CRYPT_ERROR;
         }
+
+        //Restrict the character set used as salt (#1488136)
+        $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
         for ($i = 0; $i < $len ; $i++) {
-    	    $salt .= chr(rand(ord('.'), ord('z')));
+    	    $salt .= $seedchars[rand(0, 63)];
         }
+
         $sql = str_replace('%c',  $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
     }
author	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-10-26 11:53:23 +0000
committer	alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-10-26 11:53:23 +0000
commit	53a224f6c7990a2b24000f597216abed6f67126b (patch)
tree	8feaf6bb16febcfb6aa6ccdc273d5576f37faa43 /plugins/password/drivers/sql.php
parent	16f639a499f7af6a363bbdf09bb282b095332e75 (diff)