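--- a/src/couchdb/couch_httpd_auth.erl
+++ b/src/couchdb/couch_httpd_auth.erl
@@ -368,11 +368,28 @@ authenticate(Pass, UserProps) ->
 couch_util:get_value(<<"password_sha">>, UserProps, nil)};
 <<"pbkdf2">> ->
 Iterations = couch_util:get_value(<<"iterations">>, UserProps, 10000),
+ verify_iterations(Iterations),
 {couch_passwords:pbkdf2(Pass, UserSalt, Iterations),
 couch_util:get_value(<<"derived_key">>, UserProps, nil)}
 end,
 couch_passwords:verify(PasswordHash, ExpectedHash).
+verify_iterations(Iterations) when is_integer(Iterations) ->
+ Min = list_to_integer(couch_config:get("couch_httpd_auth", "min_iterations", "1")),
+ Max = list_to_integer(couch_config:get("couch_httpd_auth", "max_iterations", "1000000000")),
+ case Iterations < Min of
+ true ->
+ throw({forbidden, <<"Iteration count is too low for this server">>});
+ false ->
+ ok
+ end,
+ case Iterations > Max of
+ true ->
+ throw({forbidden, <<"Iteration count is too high for this server">>});
+ false ->
+ ok
+ end.
+
 auth_name(String) when is_list(String) ->
 [_,_,_,_,_,Name|_] = re:split(String, "[\\W_]", [{return, list}]),
 ?l2b(Name).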
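Review bot: `verify_iterations/1` has only an `is_integer` clause, so a stored `iterations` value that is not an integer (a JSON string or float in the user document) matches no clause and the login fails with `function_clause` instead of the `forbidden` the new code intends; unless the users-db validation already guarantees an integer, a final clause `verify_iterations(_) -> throw({forbidden, <<"Iteration count must be an integer">>}).` keeps the failure mode consistent (message is a constructed example). The bound is enforced at verification time rather than when the user document is written, so an out-of-range document can still be stored and only fails at authentication; that is fine if the intent is to cap the PBKDF2 work done per login attempt, but a one-line comment above `verify_iterations/1` saying so would stop a future reader from assuming the document itself was validated. As a point of style, the two `case Iterations < Min of true -> throw(...); false -> ok end` blocks are more idiomatic as guarded clauses, which also lets the `min_iterations`/`max_iterations` reads stay in one place. The enclosing `authenticate/2` starts before the hunk.
```erlang
verify_iterations(Iterations) when is_integer(Iterations) ->
    %% … unchanged: Min/Max read from couch_config as in the hunk …
    verify_iterations(Iterations, Min, Max).

%% Bounds check split into one guarded clause per rejection.
verify_iterations(Iterations, Min, _Max) when Iterations < Min ->
    throw({forbidden, <<"Iteration count is too low for this server">>});
verify_iterations(Iterations, _Min, Max) when Iterations > Max ->
    throw({forbidden, <<"Iteration count is too high for this server">>});
verify_iterations(_Iterations, _Min, _Max) ->
    ok.
```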