fix Bcrypt bug

Looly
2021-05-08 11:07:28 +08:00
parent cef68b6bde
commit 405208a5de
2 changed files with 4 additions and 1 deletions


@@ -424,7 +424,9 @@ public class BCrypt {
off = 3;
else {
minor = salt.charAt(2);
if (minor != 'a' || salt.charAt(3) != '$')
// pr#1560@Github
// 修正一个在Blowfish实现上的安全风险
if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')
throw new IllegalArgumentException("Invalid salt revision");
off = 4;
}
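Review bot: The widened check on the new `if` line admits `$2x$` alongside `$2a$`, `$2y$` and `$2b$`, but `$2x$` marks hashes produced by crypt_blowfish's old sign-extension bug, so accepting it is only correct if the key schedule reproduces that bug for this revision. Nothing in the hunk branches on `minor` after validation; if the code outside the hunk does not either, `$2x$` hashes of passwords containing non-ASCII bytes will fail to verify, and I would drop it: `if ((minor != 'a' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')`. The added comment calls this a fix for a security risk in the Blowfish implementation, yet the visible change only relaxes salt validation; a comment such as `// accept the $2a$, $2b$ and $2y$ revision markers for interoperability (pr#1560@Github)` would describe it accurately. The enclosing method starts before and ends after the hunk, so whether `minor` is used later (for example when the prefix is re-emitted into the result) should be confirmed there.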