From 53a224f6c7990a2b24000f597216abed6f67126b Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Wed, 26 Oct 2011 11:53:23 +0000
Subject: - Improve generated crypt() passwords (#1488136)

git-svn-id: https://svn.roundcube.net/trunk@5367 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 plugins/password/drivers/sql.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'plugins/password/drivers/sql.php')

diff --git a/plugins/password/drivers/sql.php b/plugins/password/drivers/sql.php
index 836a58a44..ad8ac5f6b 100644
--- a/plugins/password/drivers/sql.php
+++ b/plugins/password/drivers/sql.php
@@ -37,16 +37,21 @@ function password_save($curpass, $passwd)
     // crypted password
     if (strpos($sql, '%c') !== FALSE) {
         $salt = '';
-        if (CRYPT_MD5) { 
-    	    $len = rand(3, CRYPT_SALT_LENGTH);
+        if (CRYPT_MD5) {
+            // Always use eight salt characters for MD5 (#1488136)
+    	    $len = 8;
         } else if (CRYPT_STD_DES) {
     	    $len = 2;
         } else {
     	    return PASSWORD_CRYPT_ERROR;
         }
+
+        //Restrict the character set used as salt (#1488136)
+        $seedchars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
         for ($i = 0; $i < $len ; $i++) {
-    	    $salt .= chr(rand(ord('.'), ord('z')));
+    	    $salt .= $seedchars[rand(0, 63)];
         }
+
         $sql = str_replace('%c',  $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
     }
 
-- 
cgit v1.2.3