zhouxy108/hutool
1
0
Fork 0
mirror of https://gitee.com/chinabugotech/hutool.git synced 2025-07-21 15:09:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix Bcrypt bug

Browse Source
This commit is contained in:
Looly
2021-05-08 11:07:28 +08:00
parent cef68b6bde
commit 405208a5de
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -14,6 +14,7 @@
* 【core 】 修复Tailer无stop问题issue#I3PQLQ@Gitee * 【core 】 修复Tailer无stop问题issue#I3PQLQ@Gitee
* 【core 】 修复空白excel读取报错问题issue#1552@Github * 【core 】 修复空白excel读取报错问题issue#1552@Github
* 【extra 】 修复Sftp.mkDirs报错问题issue#1536@Github * 【extra 】 修复Sftp.mkDirs报错问题issue#1536@Github
* 【core 】 修复Bcrypt不支持$2y$盐前缀问题pr#1560@Github
------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------

4
hutool-crypto/src/main/java/cn/hutool/crypto/digest/BCrypt.java
View File

@@ -424,7 +424,9 @@ public class BCrypt {
off = 3; off = 3;
else { else {
minor = salt.charAt(2); minor = salt.charAt(2);
if (minor != 'a' || salt.charAt(3) != '$') // pr#1560@Github
// 修正一个在Blowfish实现上的安全风险
if ((minor != 'a' && minor != 'x' && minor != 'y' && minor != 'b') || salt.charAt(3) != '$')
throw new IllegalArgumentException("Invalid salt revision"); throw new IllegalArgumentException("Invalid salt revision");
off = 4; off = 4;
} }